Argomenti
Documenti pubblicabili:1120
Scripts:1282
Documenti non pubblicabili:162
Categorie tematiche:68
.Net
|_C#
|_Visual basic.net
|_Asp.net
Active Server Pages
C++
Cascade Style Sheet
JavaScript
Mysql
Php
Xml
Java
|_Java 2 Micro Edition
|_Java server pages
|_Java Servlet
Oracle
|_PLSQL
PostgreSQL
Unix
Scripts:1282
Documenti non pubblicabili:162
Categorie tematiche:68
.Net
|_C#
|_Visual basic.net
|_Asp.net
Active Server Pages
C++
Cascade Style Sheet
JavaScript
Mysql
Php
Xml
Java
|_Java 2 Micro Edition
|_Java server pages
|_Java Servlet
Oracle
|_PLSQL
PostgreSQL
Unix
Oracle...
Script:
TO_CHAR, double pipe (||)
Unix...
Tip:
Rimuovere un file in Unix / Delete a file
PLSQL...
Script:
dbms_lob updating blob type
Shell scripting...
Script:
Script for archiving and compressing folder and file
La rabbia è creativa, la depressione è senza utilità
Dyson, Freeman J.
Php Funzione mail()
Charles Babbage(1791-1871) nel 1823 ottenne dal governo 100 Sterline per la costruzione del calcolatore Different Engine.
La rabbia è creativa, la depressione è senza utilità
Dyson, Freeman J.
Documents
Home >Security > How safe is restriction by IP address or domain name?
Restriction by IP address is secure against casual nosiness but not against a determined hacker. There are several ways around IP address restrictions. With the proper equipment and software, a hacker can "spoof" his IP address, making it seem as if he's connecting from a location different from his real one. Nor is there any guarantee that the person contacting your server from an authorized host is in fact the person you think he is. The remote host may have been broken into and is being used as a front. To be safe, IP address restriction must be combined with something that checks the identity of the user, such as a check for user name and password.
IP address restriction can be made much safer by running your server behind a firewall machine that is capable of detecting and rejecting attempts at spoofing IP addresses. Such detection works best for intercepting packets from the outside world that claim to be from trusted machines on your internal network.
One thing to be aware of is that if a browser is set to use a proxy server to fetch documents, then your server will only know about the IP address of the proxy, not the real user's. This means that if the proxy is in a trusted domain, anyone can use that proxy to access your site. Unless you know that you can trust a particular proxy to do its own restriction, don't add the IP address of a proxy (or a domain containing a proxy server) to the list of authorized addresses.
Restriction by host or domain name has the same risks as restriction by IP address, but also suffers from the risk of "DNS spoofing", an attack in which your server is temporarily fooled into thinking that a trusted host name belongs to an alien IP address. To lessen that risk, some servers can be configured to do an extra DNS lookup for each client. After translating the IP address of the incoming request to a host name, the server uses the DNS to translate from the host name back to the IP address. If the two addresses don't match, the access is forbidden. See below for instructions on enabling this feature in NCSA's httpd
Warning: include(ads/text468x15.html): failed to open stream: No such file or directory in D:\inetpub\webs\fishscriptcom\documents\view_document.php on line 131
Warning: include(): Failed opening 'ads/text468x15.html' for inclusion (include_path='.;C:\php\pear') in D:\inetpub\webs\fishscriptcom\documents\view_document.php on line 131
Marco Magnani marcomagnani@fishscript.com
Restriction by IP address is secure against casual nosiness but not against a determined hacker. There are several ways around IP address restrictions. With the proper equipment and software, a hacker can "spoof" his IP address, making it seem as if he's connecting from a location different from his real one. Nor is there any guarantee that the person contacting your server from an authorized host is in fact the person you think he is. The remote host may have been broken into and is being used as a front. To be safe, IP address restriction must be combined with something that checks the identity of the user, such as a check for user name and password.
IP address restriction can be made much safer by running your server behind a firewall machine that is capable of detecting and rejecting attempts at spoofing IP addresses. Such detection works best for intercepting packets from the outside world that claim to be from trusted machines on your internal network.
One thing to be aware of is that if a browser is set to use a proxy server to fetch documents, then your server will only know about the IP address of the proxy, not the real user's. This means that if the proxy is in a trusted domain, anyone can use that proxy to access your site. Unless you know that you can trust a particular proxy to do its own restriction, don't add the IP address of a proxy (or a domain containing a proxy server) to the list of authorized addresses.
Restriction by host or domain name has the same risks as restriction by IP address, but also suffers from the risk of "DNS spoofing", an attack in which your server is temporarily fooled into thinking that a trusted host name belongs to an alien IP address. To lessen that risk, some servers can be configured to do an extra DNS lookup for each client. After translating the IP address of the incoming request to a host name, the server uses the DNS to translate from the host name back to the IP address. If the two addresses don't match, the access is forbidden. See below for instructions on enabling this feature in NCSA's httpd
Warning: include(ads/text468x15.html): failed to open stream: No such file or directory in D:\inetpub\webs\fishscriptcom\documents\view_document.php on line 131
Warning: include(): Failed opening 'ads/text468x15.html' for inclusion (include_path='.;C:\php\pear') in D:\inetpub\webs\fishscriptcom\documents\view_document.php on line 131
Marco Magnani marcomagnani@fishscript.comCerca
Il web è un giovane media: infatti ha solo 10 anni di età.
Si pensi alla televisione o al cinema all'età di 10 anni. A quei tempi questi media erano primitivi, ancora alla ricerca della loro strada.
Venivano esplorati i limiti della nuova tecnologia, ma grandi progressi dovevano ancora essere raggiunti.
Oggi, i professionisti del web si trovano nella stessa fase. Sono pionieri che stanno ancora esplorando i limiti del nuovo media. Senza dubbio, i nostri nipoti, quando vedranno quello che abbiamo fatto pensaranno a qualcosa di elementare.
C'è ancora molto da scopire su quello che il Web può fare e suo come può essere utilizzato.
Jason Foss
Il web è un giovane media: infatti ha solo 10 anni di età.
Si pensi alla televisione o al cinema all'età di 10 anni. A quei tempi questi media erano primitivi, ancora alla ricerca della loro strada.
Venivano esplorati i limiti della nuova tecnologia, ma grandi progressi dovevano ancora essere raggiunti.
Oggi, i professionisti del web si trovano nella stessa fase. Sono pionieri che stanno ancora esplorando i limiti del nuovo media. Senza dubbio, i nostri nipoti, quando vedranno quello che abbiamo fatto pensaranno a qualcosa di elementare.
C'è ancora molto da scopire su quello che il Web può fare e suo come può essere utilizzato.
Jason Foss
Security...
Citazioni:
Sicurezza
Security...
Definizioni:
MD4, MD5 and SHA-1
Oracle...
Definizioni:
SESSION
Shell scripting...
Script:
Hide user input on screen
fishScript.Com is accessible by Mobile access technology
as mobile phones, Palm and Pocket PC .
Nicoleta e Marco Magnani tutorial, examples, courses, esempi, corsi, esercizi, appunti vari Dottoressa Nicoleta Dragu Formatrice Docente Insegnante Mediatrice Culturale Dott. Marco Magnani Universita La Sapienza Roma Master Computer Science Hunter College New York , Data Base Administrator DBA oracle System architect