Re: Accessed based off of IP...
From: Chris Hope (blackhole_at_electrictoolbox.com)
Date: 04/19/04
- Next message: Wiseguy_at_work: "Re: Form results mailed to me in an attachment"
- Previous message: Me: "Having problems with my php login script"
- In reply to: Dan Tripp: "Re: Accessed based off of IP..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Mon, 19 Apr 2004 16:48:21 +1200
Dan Tripp wrote:
>>>There are certain scripts that I have that only I want to run, both from
>>>home and sometimes work. If I add something like this (below) to the
>>>scripts, will this keep out unauthorized use (if the scripts are found
>>>somehow), or can the REMOTE_ADDR be easily spoofed ?
>>
>>
>> You can send TCP/IP packets with fake return addresses fairly easily. But
>> to take advantage of it in an attack against a web server is hard, I
>> believe, as the HTTP response would get routed to the real address.
>>
>
> Just kinda thinking out loud... by why not limit access to the directory
> your scripts are in with .htaccess or IIS's authentication? That'd
> probably be a bit more secure than relying upon the REMOTE_ADDR.
Not an answer to your solution, but a suggestion that instead of writing out
a meta tag refresh you might want to do this instead:
header("Location: /index.php");
exit;
Chris
-- Chris Hope The Electric Toolbox Ltd http://www.electrictoolbox.com/
- Next message: Wiseguy_at_work: "Re: Form results mailed to me in an attachment"
- Previous message: Me: "Having problems with my php login script"
- In reply to: Dan Tripp: "Re: Accessed based off of IP..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
