Igor Robul wrote:
We're using PAT. That means that, when I use a private host to access the internet, I could be on any one of a number of IP addresses. However, I was assuming that Marc is using the IP reported by ifconfig, which *should* be unique for each host, as opposed to the IP that connects to him, which could represent literally thousands of hosts in some cases.The only down side is it still can be faked, just like everything else.IP from which connection is made cannot be faked, at least I dont know how to fake it. So there is at least one "unfakable" part of key. But there is no real need to keep real IP in database, for privacy reasons it is better to keep one-way hash in database.
-- Paul Schmehl ([EMAIL PROTECTED]) Adjunct Information Security Officer The University of Texas at Dallas http://www.utdallas.edu/ir/security/
smime.p7s
Description: S/MIME Cryptographic Signature
