WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Tying a session to an IP address

From: "Steve McCullough" <website () showmethesmut com>
Date: Mon, 10 May 2004 16:47:45 -0300
Hi all,

When I was mulling over this very problem not so very long ago, I came
across the following AOL page, which lists the proxies:
http://webmaster.info.aol.com/proxyinfo.html


From their description, it seems that both the proxy server used by the

client AND the client IP address are apt to change.

Steve
----
Steve McCullough
web_designer::venus_envy( www.venusenvy.ca )





-----Original Message-----
From: Adam Tuliper [mailto:amt () gecko-software com]
Sent: Monday, May 10, 2004 1:00 PM
To: Imperva Application Defense Center; Paul Johnston;
webappsec () securityfocus com
Subject: Re: Tying a session to an IP address


One item to not forget is AOL's "super proxies" could
 create a problem on a scheme where you need to
reauthenticate (provided the world is able to use your
application) if the ip address changes. They have multiple
proxy servers (however, their proxy ip lists are published
so this can be worked around, but... its still a point to
note)


---------------------------------------------------------------------
Web mail provided by NuNet, Inc. The Premier National provider.
http://www.nni.com/
Previous By Date Next
Previous By Thread Next

Current thread: