[web2py] Re: one more security feature in trunk

2010-11-26 Thread mdipierro
ERRATA (thanks jonathan) It is NOW optional session.connect(request,response,check_client=True) to enable the check. On Nov 26, 10:58 am, Jonathan Lundell wrote: > On Nov 26, 2010, at 8:33 AM, mdipierro wrote: > > > > > It is not optional > > "now optional"? > > > > > session.connect(request,re
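As an added illustration (not web2py's own code; the session store below is a hypothetical stand-in for what check_client binds), this Python models a session tied to the client IP it was created from and replays the three situations argued over in this thread: a cookie replayed from another network, a legitimate user whose address changes mid-session, and an attacker sharing the victim's NAT address. All IP addresses are constructed.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class Session:
    client_ip: str                       # IP the session was created from
    data: dict = field(default_factory=dict)


class SessionStore:
    """Hypothetical server-side store; check_client mirrors the option under discussion."""

    def __init__(self, check_client: bool = False):
        self.check_client = check_client
        self._sessions: dict[str, Session] = {}

    def create(self, client_ip: str) -> str:
        sid = secrets.token_hex(16)      # unguessable session id
        self._sessions[sid] = Session(client_ip=client_ip)
        return sid

    def connect(self, sid: str, client_ip: str):
        """Return the session for sid, or None if it is unknown or, with
        check_client enabled, is presented from a different IP (the session
        is then discarded, forcing a fresh login)."""
        sess = self._sessions.get(sid)
        if sess is None:
            return None
        if self.check_client and sess.client_ip != client_ip:
            del self._sessions[sid]
            return None
        return sess


def scenarios(check_client: bool) -> dict:
    """Replay the three cases from the thread with constructed addresses."""
    store = SessionStore(check_client=check_client)
    # Stolen cookie replayed from a different network
    sid = store.create("203.0.113.10")
    hijack_ok = store.connect(sid, "198.51.100.7") is not None
    # Legitimate user whose VPN drops and whose address changes mid-session
    sid = store.create("203.0.113.10")
    after_ip_change_ok = store.connect(sid, "203.0.113.11") is not None
    # Attacker behind the same NAT as the victim: identical public IP
    sid = store.create("203.0.113.10")
    same_nat_attacker_ok = store.connect(sid, "203.0.113.10") is not None
    return {"hijack_from_other_ip": hijack_ok,
            "legit_user_after_ip_change": after_ip_change_ok,
            "attacker_behind_same_nat": same_nat_attacker_ok}
```

With check_client=True the first two cases both fail the check, which is exactly the trade-off the thread describes: the replayed cookie is rejected, but so is the user whose IP changed, while the attacker behind the same NAT is still accepted.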

Re: [web2py] Re: one more security feature in trunk

2010-11-26 Thread Jonathan Lundell
On Nov 26, 2010, at 8:33 AM, mdipierro wrote: > > It is not optional "now optional"? > > session.connect(request,response,check_client=True) to enable the > check. > > On Nov 26, 3:53 am, selecta wrote: >> still it would be nice to have this optional >> >> On Nov 26, 5:06 am, mdipierro wrot

[web2py] Re: one more security feature in trunk

2010-11-26 Thread mdipierro
It is not optional session.connect(request,response,check_client=True) to enable the check. On Nov 26, 3:53 am, selecta wrote: > still it would be nice to have this optional > > On Nov 26, 5:06 am, mdipierro wrote: > > > True. This is a counterindication. > > > On Nov 25, 7:14 pm, Phyo Arkar w

[web2py] Re: one more security feature in trunk

2010-11-26 Thread selecta
still it would be nice to have this optional On Nov 26, 5:06 am, mdipierro wrote: > True. This is a counterindication. > > On Nov 25, 7:14 pm, Phyo Arkar wrote: > > > > > Most of them time i use a Remote VPN to change my IP and to access > > Unrestricted Internet. > > Coz internet here is very r

[web2py] Re: one more security feature in trunk

2010-11-25 Thread mdipierro
True. This is a counterindication. On Nov 25, 7:14 pm, Phyo Arkar wrote: > Most of them time i use a Remote VPN to change my IP and to access > Unrestricted Internet. > Coz internet here is very restrictive, (so restrictive that even google > Blogger is banned lol) . > > And only about 5 outgoing

Re: [web2py] Re: one more security feature in trunk

2010-11-25 Thread Phyo Arkar
My country's (Burma) ISP also changes the outgoing IP regularly. It has about 5 IPs for me. On Fri, Nov 26, 2010 at 3:19 AM, Niphlod wrote: > still there are no counter-indication > a session sticks to one single ip. > users of LAN (me and my brother) "hidden" by NAT, users of large WANs > like F

Re: [web2py] Re: one more security feature in trunk

2010-11-25 Thread Phyo Arkar
Even the MAC address can be captured by a Java applet. A self-signed Java applet can do the trick. It can be raised to the user's security level, and can run system commands if he is Administrator level or root. On Thu, Nov 25, 2010 at 11:05 PM, mdipierro wrote: > web2py cannot access the MAC address of the

Re: [web2py] Re: one more security feature in trunk

2010-11-25 Thread Phyo Arkar
Stealing a cookie does not need sniffing the session at all. Just a good ole XSS will work. On Fri, Nov 26, 2010 at 3:53 AM, guruyaya wrote: > If I can sniff the traffic, I must have access to the router that

Re: [web2py] Re: one more security feature in trunk

2010-11-25 Thread Phyo Arkar
Most of the time I use a remote VPN to change my IP and to access the unrestricted Internet. Coz the internet here is very restrictive (so restrictive that even Google Blogger is banned lol). And there are only about 5 outgoing IPs that go out of this country. The VPN sometimes loses connection and drops me back

Re: [web2py] Re: one more security feature in trunk

2010-11-25 Thread Kuba Kucharski
@michele yeap, IP-based security sucks.

[web2py] Re: one more security feature in trunk

2010-11-25 Thread guruyaya
I think you missed this particular scenario. If I can sniff the traffic, I must have access to the router that holds the data. That means I'm at a place in the routing table that gets this packet, and that means I can make my IP be the same as the user's at the far end of the communication. So, i

Re: [web2py] Re: one more security feature in trunk

2010-11-25 Thread Michele Comitini
So security is fake in large NATted networks? 2010/11/25 Niphlod : > still there are no counter-indication > a session sticks to one single ip. > users of LAN (me and my brother) "hidden" by NAT, users of large WANs > like Fastweb in Italy (and quite everyone in China, I believe) show > the

[web2py] Re: one more security feature in trunk

2010-11-25 Thread Niphlod
Still there is no counter-indication: a session sticks to one single IP. Users of a LAN (me and my brother) "hidden" by NAT, users of large WANs like Fastweb in Italy (and quite everyone in China, I believe) show themselves to the webserver with the same IP address in the same session. As long as w

Re: [web2py] Re: one more security feature in trunk

2010-11-25 Thread Kuba Kucharski
@massimo this sounds good, although stealing credentials/intercepting communication is most probable in the networks hidden behind NAT - hence in this case it will not work. -- Kuba

Re: [web2py] Re: one more security feature in trunk

2010-11-25 Thread Kuba Kucharski
If you have a router, then your machine's MAC address will go no further than that. Your router's MAC address will show up in packets sent further upstream, until that too is replaced by the MAC address of the next device - likely either your modem or your ISP's router. So your MAC address doesn't

[web2py] Re: one more security feature in trunk

2010-11-25 Thread mdipierro
web2py cannot access the MAC address of the requester. The web server does not provide the information. The web server may not have the information itself, depending on the OS. Capturing the Ethernet header requires more privileges than the web server has. On Nov 25, 10:21 am, Richard Vézina wrot