web2py cannot access the MAC address of the requester. The web server does not provide the information. The web server may not have the information itself, depending on the OS. Capturing the Ethernet header requires more privileges than the web server has.

On Nov 25, 10:21 am, Richard Vézina <ml.richard.vez...@gmail.com> wrote:
> What about the MAC address?
>
> In an intranet a user can bump another user's IP easily.
>
> Consider this under Windows:
> http://www.wikihow.com/Change-your-IP-Address-%28Windows%29
>
> Not sure you can pick a particular IP.
>
> With a VM under Linux you can pick the IP you want... It will conflict on
> the network but it will work at least to hack web2py if you stole the
> cookies...
>
> Richard
>
> On Thu, Nov 25, 2010 at 11:05 AM, mdipierro <mdipie...@cs.depaul.edu> wrote:
> > Consider this scenario...
> >
> > You use http to log in and somebody intercepts the communication, steals
> > the cookie and logs in using your credentials.
> >
> > This is no longer possible. Now web2py checks that the IP of the client
> > is the same as the IP of the client that started the session. If the
> > cookie is stolen and/or used from a different IP, web2py refuses to
> > open the corresponding session.
> >
> > I do not see any counter-indication. Comments?
> >
> > Massimo
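
The session-to-IP check described in the quoted announcement, sketched as an added example; it is not web2py's own code and not part of the thread. The class and function names and the sample addresses are constructed for illustration, and `client_ip` is assumed to be the TCP peer address reported by the web server, not a client-supplied header.

```python
import ipaddress
import secrets


def normalize(ip):
    """Canonical text form, so '::ffff:192.0.2.10' and '192.0.2.10' compare equal."""
    addr = ipaddress.ip_address(ip)
    mapped = getattr(addr, "ipv4_mapped", None)  # set only for IPv4-mapped IPv6
    return str(mapped if mapped is not None else addr)


class IPBoundSessions:
    """Hypothetical in-memory store: each session is pinned to the IP that created it."""

    def __init__(self):
        self._sessions = {}  # session id -> (pinned ip, session data)

    def create(self, client_ip):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = (normalize(client_ip), {})
        return sid

    def open(self, sid, client_ip):
        """Return the session data, or None when the id is unknown or the IP differs."""
        record = self._sessions.get(sid)
        if record is None or record[0] != normalize(client_ip):
            return None  # refuse: unknown id, or cookie presented from a different address
        return record[1]


def demo():
    # Constructed sample addresses from the documentation ranges.
    store = IPBoundSessions()
    sid = store.create("192.0.2.10")                 # login from the original client
    store.open(sid, "192.0.2.10")["user"] = "alice"
    return {
        "same_ip": store.open(sid, "192.0.2.10"),
        "mapped_ipv6": store.open(sid, "::ffff:192.0.2.10"),
        "other_ip": store.open(sid, "198.51.100.7"),  # same cookie, different address
        "unknown_sid": store.open("not-a-session", "192.0.2.10"),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```

The check compares addresses only, so it cannot tell apart two hosts that present the same IP, which is the limit raised in the reply above. It complements transport encryption of the cookie rather than replacing it.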