in reply to Faking an ip?

Here are some common vars sometimes used by proxies to transmit the IP address:


There are probably others...


"Only Bad Coders Code Badly In Perl" (OBC2BIP)

Replies are listed 'Best First'.
Re: Re: Faking an ip?
by Beatnik (Parson) on Jul 08, 2001 at 14:13 UTC
    Actually, REMOTE_ADDR is handled by the server (address resolving). AFAIK there is no way of safely/properly changing it. The chances for the other values in your list are much higher :)

    Greetz
    Beatnik
    ... Quidquid perl dictum sit, altum viditur.
Re: Re: Faking an ip?
by orkysoft (Friar) on Jul 08, 2001 at 22:32 UTC
    Thanks! I only knew about the HTTP_X_FORWARDED_FOR, and never really bothered to find out more, but this can certainly provide me with more accuracy for my program, which uses IPs as a backup method to distinguish between various users (cookies being the primary method).
      IPs are not a reliable way to distinguish users or sessions. AOL users, for instance, can use a different IP for each page request. Cookies aren't perfect, but they're better than IPs.

      Credit where it's due: Merlyn made a similar post a couple days ago.

      --
      man with no legs, inc.
        ISPs and other internet providers as well can dynamically assign IP addresses using DHCP. The client machine knows its own IP address because the network tells the client.

        I have never heard of a network routinely changing its clients' IP addresses in midsession, however, and I doubt that it occurs very often.

        Cookies have the disadvantage that users can reject them and browsers can not support them. On the other hand, IP addresses are stable enough to support the session and everyone has one. It's guaranteed.

        I know that. That's why the IP addresses aren't considered by the program. It uses cookies, but if necessary, I can examine the logs myself, which do contain IPs. It tries to look through proxies by reading the X_HTTP_FORWARDED_FOR header (and soon also those other headers :-), to record the 'real' IP (or as much as that's possible), just in case someone would be trying to 'cheat'.
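
The distinction the thread draws between REMOTE_ADDR and the proxy-supplied headers, as an added example that is not part of the thread or any poster's code: the forwarded header is believed only when the connection comes from a proxy you run, and both values are kept for the log. The names `client_address`, `is_ipv4` and `%TRUSTED_PROXY` are hypothetical, the addresses are constructed, and the check is IPv4-only.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use 5.014;    # for the s///r modifier

# Assumption: addresses of reverse proxies you run yourself (constructed values).
my %TRUSTED_PROXY = map { $_ => 1 } qw(192.0.2.10 192.0.2.11);

# Strict dotted-quad check, so header junk never reaches the log as an "IP".
sub is_ipv4 {
    my ($s) = @_;
    return 0 unless $s =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/;
    return (grep { $_ > 255 } $1, $2, $3, $4) ? 0 : 1;
}

# Hypothetical helper: decide which address to record for one request.
sub client_address {
    my ($env) = @_;
    my $peer  = $env->{REMOTE_ADDR} // '';
    my @chain = grep { is_ipv4($_) }
                map  { s/\A\s+|\s+\z//gr }
                split /,/, $env->{HTTP_X_FORWARDED_FOR} // '';

    # REMOTE_ADDR comes from the TCP connection; the header is whatever the
    # sender put there. Believe the header only when the sender is our own proxy.
    my $client = $peer;
    if ($TRUSTED_PROXY{$peer}) {
        # Each proxy appends on the right, so walk right to left and stop
        # at the first hop that is not one of ours.
        for my $hop (reverse @chain) {
            next if $TRUSTED_PROXY{$hop};
            $client = $hop;
            last;
        }
    }
    return { peer => $peer, client => $client,
             claimed => join(',', @chain), trusted => $TRUSTED_PROXY{$peer} ? 1 : 0 };
}

# Constructed sample requests: direct with a header, via our proxy, via our proxy with extra entries.
for my $env (
    { REMOTE_ADDR => '203.0.113.7', HTTP_X_FORWARDED_FOR => '10.0.0.1' },
    { REMOTE_ADDR => '192.0.2.10',  HTTP_X_FORWARDED_FOR => '198.51.100.23, 192.0.2.11' },
    { REMOTE_ADDR => '192.0.2.10',  HTTP_X_FORWARDED_FOR => 'junk, 10.9.9.9, 198.51.100.23' },
) {
    my $r = client_address($env);
    say "peer=$r->{peer} client=$r->{client} header_trusted=$r->{trusted} claimed=[$r->{claimed}]";
}
```

Logging `peer` alongside `claimed` keeps the server-observed address available even when the header turns out to be wrong.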