IP addresses

Results 1 to 3 of 3

Thread: IP addresses

  1. #1
    Join Date
    Dec 1969

    Default IP addresses

    Hi,<BR>I am authenticating users using a username and password database. The database then stores their IP address and the time they logged in at. The rest of the site then checks their IP address in every page and checks to see whether it is in the database. After 30 mins that IP address is invalidated.<BR><BR>What are the security drawbacks of doing this? Most people with dynamic IP addresses will have the same IP address for at least 30 minutes right?<BR><BR>Appreciate any help.<BR><BR>Thanks,<BR>Dwayne

  2. #2
    Join Date
    Dec 1969

    Default Possibly...

    ...it depends. How does your system handle people behind a firewall? I.e. if they have the same IP address, but are two separate people logging in?<BR><BR>Craig.

  3. #3
    Join Date
    Dec 1969

    Default RE: IP addresses

    In the vast majority of cases, dynamic IP addresses would tend to be on the user side of any web gateway or firewall, their machine&#039;s ip address would be different each time they want to connect to their network. When you request their ip address you&#039;ll get the IP address of the Machine making the request, i.e the users firewall.<BR><BR>The result of this would be if you had 500 users in an organisation all sharing 10 ip addresses their is a chance you could accidentally let more than one person access your pages from the same ip address.<BR><BR>The conclusion is: this isn&#039;t a foolproof way, and their are very few that are.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts