ASP authentification by ip-number

---

• From: Ralph Wiggum <go.ahead@xxxxxxx>
• Date: Sat, 26 Apr 2008 22:21:29 +0200

---

How safe is it to use the client's ip-number versus posting a username/password (in cleartext) in an http request? Assuming the client's ip-number is static.

A common use-case would be a web-forum, where only VIP-users should have access to specific topics. Authentification by ip is certainly the most user-friendly, as user don't have register/remember passwords, no?

Is ip-spoofing considered easier than picking up unencrypted usernames/passwords from web-traffic? .

---

• Follow-Ups:
  • Re: ASP authentification by ip-number
    • From: Alexey Smirnov

• Prev by Date: How to encrypt the field of password
• Next by Date: Does .NET 2.0 have classes to create a SAML Assertion
• Previous by thread: How to encrypt the field of password
• Next by thread: Re: ASP authentification by ip-number
• Index(es):
  • Date
  • Thread

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.dotnet.framework.aspnet.security  > 2008-04