Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I have a web application which passes an authentication key to web services for security. to avoid Man In The Middle attacks, the IP address of every request is checked against the IP address from the initial authentication request. However, when accessed from a machine that uses a proxy server, the IP address is not necessarily the same. What can i do to avoid this problem?
IP addresses are easily spoofed so this is not a terribly useful guard.
When attempting to implement a protocol level security always use someone else’s well tested and reasoned about design (and preferably implementation) over your own unless the reasons to not do so are compelling.
http://en.wikipedia.org/wiki/WS-Security exists and simply making the whole chain use https should be sufficient for your needs (so long as the overhead of the security is not a problem).