Beefy Boxes and Bandwidth Generously Provided by pair Networks
more useful options
 
PerlMonks  

Re: Identifying clients

by themage (Friar)
on Dec 07, 2006 at 10:35 UTC ( #588285=note: print w/ replies, xml ) Need Help??


in reply to Identifying clients

Hi ruzam,

The way I usually handle this is by creating a MD5 of several information, including the client IP and a secret passphrase (that can be fixed - always the same, or changed at intervals, in which case all sessions would expire in the end of the period), and using this MD5 as sessionID.

This allows me to verify that the sessionID was generated for the specific IP (and maybe UserAgent, if you use this to create the MD5), and the passphrase makes it harder to generate a valid MD5 key.

To limit the number of connections per IP to a legitime limit I would use something as the Apache::SpeedLimit example given in the Writing Apache Modules book. This would prevent a bruteforce attack to the sessionID.

TheMage
Talking Web


Comment on Re: Identifying clients

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://588285]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others romping around the Monastery: (12)
As of 2014-07-22 20:26 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    My favorite superfluous repetitious redundant duplicative phrase is:









    Results (127 votes), past polls