Trusting IP Addresses

How do I find the address of a client connection to make a trust decision?

Don't base security decisions on the perceived client address. Any address that we have comes from the underlying socket implementation and could be spoofed, because the data the socket holds is supplied by the client. To distinguish clients, use a source of information that has a verification process the server trusts, such as a certificate.
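One way to apply this advice, as an added example that is not code from the original post: a TLS server that requires a client certificate and makes its trust decision from the verified certificate subject, never from the socket address. The allow list `TRUSTED_CLIENTS`, the function names and the file-path parameters are assumptions made for illustration.

```python
import ssl

# Hypothetical allow list of client identities (certificate common names).
TRUSTED_CLIENTS = {"billing-service", "report-runner"}

def make_server_context(ca_file=None, cert_file=None, key_file=None):
    """TLS context that rejects any client unable to present a certificate
    chaining to a CA the server trusts."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_REQUIRED  # handshake fails without a valid client cert
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)  # CA that issues client certs
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)   # the server's own identity
    return ctx

def subject_common_name(peer_cert):
    """Pull the CN out of the dict returned by SSLSocket.getpeercert()."""
    for rdn in peer_cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def is_trusted(peer_cert, peer_addr):
    """Trust decision based only on the verified certificate.
    peer_addr is accepted for logging and deliberately ignored."""
    if not peer_cert:  # None or {}: no verified certificate was presented
        return False
    return subject_common_name(peer_cert) in TRUSTED_CLIENTS

def serve_once(ctx, listener):
    """Accept one connection on a listening socket and apply the decision."""
    raw, addr = listener.accept()
    with ctx.wrap_socket(raw, server_side=True) as tls:
        allowed = is_trusted(tls.getpeercert(), addr)
        tls.sendall(b"welcome\n" if allowed else b"denied\n")
        return allowed
```

The address is still worth recording in logs, but as a claim made by the client rather than as evidence of identity.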

Next time: Reader Trends

Comments

  • Anonymous
    July 25, 2008
    Security programming today tends to contain a large amount of plumbing code to handle the modeling, management,