On Thu, 20 Jan 2011 03:36:03 -0600 Dave Sherohman <[email protected]> wrote:
...
> Some sites do associate the originating IP address with the session data
> to help protect against session hijacking, but this is not overly
> widespread and, even when it is employed, it has issues with proxies
> (which can cause multiple users to appear on a single address) or
> reverse proxies (which can cause a single user to appear on multiple
> addresses), so https really is the only surefire way to prevent it.

And it also won't help against an attacker who can use your IP address,
such as a MITM attacker from the local network segment.

Celejar
--
foffl.sourceforge.net - Feeds OFFLine, an offline RSS/Atom aggregator
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator
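
The following is an added example, not part of the original message: a minimal server-side session check with IP binding, run against the cases discussed above. The `SessionStore` class, user names and addresses are constructed for illustration (the addresses come from the RFC 5737 documentation ranges).

```python
import secrets


class SessionStore:
    """Toy session table that optionally binds each session to the login IP."""

    def __init__(self, bind_ip=True):
        self.bind_ip = bind_ip
        self._sessions = {}  # session id -> (user, address seen at login)

    def login(self, user, client_ip):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = (user, client_ip)
        return sid

    def authenticate(self, sid, client_ip):
        """Return the user for a presented cookie, or None if it is rejected."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        user, bound_ip = entry
        if self.bind_ip and client_ip != bound_ip:
            # Address changed: treat the cookie as possibly stolen, drop the session.
            del self._sessions[sid]
            return None
        return user


def run_scenarios():
    """Exercise the IP check with constructed addresses; returns name -> result."""
    results = {}
    store = SessionStore(bind_ip=True)

    # 1. Cookie presented from an unrelated address: the binding rejects it.
    sid = store.login("alice", "203.0.113.10")
    results["replay_other_ip"] = store.authenticate(sid, "198.51.100.7")

    # 2. Cookie presented from the same address (shared proxy, or a MITM on
    #    the local segment): the server cannot tell the two clients apart.
    sid = store.login("alice", "203.0.113.10")
    results["replay_same_ip"] = store.authenticate(sid, "203.0.113.10")

    # 3. Legitimate user whose requests arrive from a second address
    #    mid-session: the binding logs them out.
    sid = store.login("bob", "192.0.2.21")
    results["legit_ip_change"] = store.authenticate(sid, "192.0.2.22")
    return results


if __name__ == "__main__":
    for name, user in run_scenarios().items():
        print(f"{name}: {'accepted as ' + user if user else 'rejected'}")
```

Case 2 is the one the reply points at: the check passes because the address is the only thing compared, which is why the cookie has to be kept off the wire with https in the first place.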

