Re: ASP authentification by ip-number
- From: Alexey Smirnov <alexey.smirnov@xxxxxxxxx>
- Date: Mon, 28 Apr 2008 00:51:25 -0700 (PDT)
On Apr 26, 10:21 pm, Ralph Wiggum <go.ah...@xxxxxxx> wrote:
How safe is it to use the client's ip-number versus posting a username/password (in cleartext) in an http request? Assuming the client's ip-number is static.
A common use-case would be a web-forum, where only VIP-users should have access to specific topics. Authentification by ip is certainly the most user-friendly, as user don't have register/remember passwords, no?
Is ip-spoofing considered easier than picking up unencrypted usernames/passwords from web-traffic?
This way will not work when IP is not static, on a public computer, or
when client is behind a proxy. User-friendly authentication is
typically achieved by using the user’s cookies. Once the user has been
logged on, save the forms authentication ticket in the browser’s
cookies and set expiration, which is the date and time at which the
browser discards the cookie. When the forms authentication cookie
expires, the user can no longer be authenticated automatically. This
is what you usually get when the login form has a “Remember me”
checkbox.
.
- References:
- ASP authentification by ip-number
- From: Ralph Wiggum
- ASP authentification by ip-number
- Prev by Date: Re: Does .NET 2.0 have classes to create a SAML Assertion
- Next by Date: RE: Internet Explorer zones do not have secure settings for some u
- Previous by thread: ASP authentification by ip-number
- Next by thread: Does .NET 2.0 have classes to create a SAML Assertion
- Index(es):
Relevant Pages
|
|
