Re: ASP authentification by ip-number

---

• From: Ralph Wiggum <go.ahead@xxxxxxx>
• Date: Mon, 28 Apr 2008 23:14:57 +0200

---

Most of my users are behind their company's firewall. If I keep a database of firewall ip-numbers and check incoming requests against the database, wouldn't that be an ok solution?

Steve Riley [MSFT] wrote:

Wrong approach. IP addresses identify machines, not humans. They are easily spoofable, since they are always clear-text and are always unauthenticated. Plus, with your approach, authorized users will be tied to specific machines--they won't be able to access their information from other computers.

User ID/password pairs are specifically designed for the scenario you've described. Please use them.

.

---

• References:
  • ASP authentification by ip-number
    • From: Ralph Wiggum
  • Re: ASP authentification by ip-number
    • From: Steve Riley [MSFT]

• Prev by Date: Re: Password policy in domain 2003
• Next by Date: Left over certificates
• Previous by thread: Re: ASP authentification by ip-number
• Next by thread: Internet Security Software.(computer internet security)
• Index(es):
  • Date
  • Thread

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.security  > 2008-04