At 01:08 PM 19/11/2002 +1100, you wrote: >That'd work fine till some scumbag figured out that putting in a header >with random HTTP_X_FORWARDED_FOR values allowed them to create a rather >large hole through the restrictions :-( > >In other words, the HTTP_X_FORWARDED_FOR is user-suplied data - it's not >to be trusted. But that's not the issue - it's like the locks on the door - really there to keep the honest people away. It's easier to get around the lookup limits in other ways that generating custom request headers... Kind regards, Lucian Kafka www.conexim.com.auReceived on Fri Oct 03 2003 - 00:00:00 UTC
This archive was generated by hypermail 2.3.0 : Sat Sep 09 2017 - 22:00:06 UTC