NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Pen-test> 2000-10

Subject: Re: [PEN-TEST] Your opinions are solicited ...
From: Frank Knobbe (FKnobbeKNOBBEITS.COM)
Date: Tue Oct 31 2000 - 11:02:53 CST

Next message: Erik Tayler: "Re: [PEN-TEST] WebEx security?"
Previous message: Ed Lamaster: "[PEN-TEST] Looking for slides"
Maybe in reply to: Jim Miller: "[PEN-TEST] Your opinions are solicited ..."
Next in thread: Paul Robinson: "Re: [PEN-TEST] Your opinions are solicited ..."
Maybe reply: Frank Knobbe: "Re: [PEN-TEST] Your opinions are solicited ..."
Reply: Paul Robinson: "Re: [PEN-TEST] Your opinions are solicited ..."
Reply: L.W.: "Re: [PEN-TEST] Your opinions are solicited ..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> -----Original Message-----
> From: Paul Robinson [mailto:paulAKITANET.CO.UK]
> Sent: Tuesday, October 31, 2000 9:59 AM
>
> [...]
> In
> addition I'd probably do some session-authentication with
> changing cookies
> per transaction, combined with IP authentication.
> [...]

IP authentication? In today's world or access through NATed firewall
or proxy servers, or providers like AOL, all in an Internet
environment increasingly becoming akamaied... uhm... cached, I
strongly doubt that IP authentication is viable. Take AOL users for
example: One request appears to be coming from proxy1.aol.com, the
next request from proxy3.aol.com. That would mean that your 'IP
authenticated' web page will invalidate the second request.

Regards,
Frank

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.1
Comment: PGP or S/MIME encrypted email preferred.

iQA/AwUBOf77PURKym0LjhFcEQJnqACfdAodtrCcF3p8EcR8Mv3nL5bkYWsAnjN0
t2o4wmVDlPG83vgB+wMxHQtb
=YBqC
-----END PGP SIGNATURE-----

Next message: Erik Tayler: "Re: [PEN-TEST] WebEx security?"
Previous message: Ed Lamaster: "[PEN-TEST] Looking for slides"
Maybe in reply to: Jim Miller: "[PEN-TEST] Your opinions are solicited ..."
Next in thread: Paul Robinson: "Re: [PEN-TEST] Your opinions are solicited ..."
Maybe reply: Frank Knobbe: "Re: [PEN-TEST] Your opinions are solicited ..."
Reply: Paul Robinson: "Re: [PEN-TEST] Your opinions are solicited ..."
Reply: L.W.: "Re: [PEN-TEST] Your opinions are solicited ..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]