OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: [PEN-TEST] Your opinions are solicited ...
From: Frank Knobbe (FKnobbeKNOBBEITS.COM)
Date: Tue Oct 31 2000 - 11:02:53 CST


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> -----Original Message-----
> From: Paul Robinson [mailto:paulAKITANET.CO.UK]
> Sent: Tuesday, October 31, 2000 9:59 AM
>
> [...]
> In
> addition I'd probably do some session-authentication with
> changing cookies
> per transaction, combined with IP authentication.
> [...]

IP authentication? In today's world or access through NATed firewall
or proxy servers, or providers like AOL, all in an Internet
environment increasingly becoming akamaied... uhm... cached, I
strongly doubt that IP authentication is viable. Take AOL users for
example: One request appears to be coming from proxy1.aol.com, the
next request from proxy3.aol.com. That would mean that your 'IP
authenticated' web page will invalidate the second request.

Regards,
Frank

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.1
Comment: PGP or S/MIME encrypted email preferred.

iQA/AwUBOf77PURKym0LjhFcEQJnqACfdAodtrCcF3p8EcR8Mv3nL5bkYWsAnjN0
t2o4wmVDlPG83vgB+wMxHQtb
=YBqC
-----END PGP SIGNATURE-----