[2316] in WWW Security List Archive


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

REMOTE_HOST and REMOTE_ADDR security

daemon@ATHENA.MIT.EDU (=?ISO-8859-1?Q?J=FCri_Kaljundi?=)
Thu Jul 4 18:44:04 1996

Date: Tue, 25 Jun 1996 19:10:05 +0300 (EET DST)
From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@stallion.ee>
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu

How secure can the REMOTE_HOST and REMOTE_ADDR variables be considered?
Does one have to use ip spoofing in order to show false IP address or
hostname of the client?

The question is, how safe can I be in assuming, that in case I know the
user coming from a certain machine (using REMOTE_HOST or _ADDRESS), can I
be sure nobody else can make my server think they are coming from the same
machine? There will be no proxies in between, the connection will be
between the clients PC and www server (Apache).

J=FCri Kaljundi
AS Stallion
jk@stallion.ee


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[2316] in WWW Security List Archive

REMOTE_HOST and REMOTE_ADDR security

daemon@ATHENA.MIT.EDU (=?ISO-8859-1?Q?J=FCri_Kaljundi?=)Thu Jul 4 18:44:04 1996

daemon@ATHENA.MIT.EDU (=?ISO-8859-1?Q?J=FCri_Kaljundi?=)
Thu Jul 4 18:44:04 1996