Dan Muey wrote:
> Howdy,
>
> I realize that $ENV{'REMOTE_HOST'} and $ENV{'REMOTE_ADDR'} are handled
> differently and can be spoofed so don't worry I'm not basing any
> security on them.
I'm no security expert, but how can these be spoofed? They don't come from
the request headers, but are derived from the TCP connection itself.
Furthermore, how useful are these anyway? For example, I'm currently sitting
behind a NAT proxy along with 300 or so other folks, so you'll see the same
REMOTE_ADDR for any of us who visit your site. Or is that what you mean by
"spoof"?
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
