passwords to CGI
Paul Rubin
phr-n2002b at NOSPAMnightsong.com
Wed Jan 15 22:08:03 EST 2003
Erik Max Francis <max at alcyone.com> writes:
> It should be easy enough to detect that case, even with a completely
> opaque session ticket. The session ticket will map to a record about
> the session, and in that session record you'll know the IP address of
> the connecting host. In the event that the ticket matches but the host
> doesn't, you're either catching a cheater or someone with a really
> stupid ISP firewall.
Firewalls that do that are not necessarily stupid. Some are
programmed on purpose to switch IP addresses between, for privacy
reasons.
More information about the Python-list
mailing list