Client IP Address Client Identification
HTTP The Definitive Guide
Early web pioneers tried using the IP address of the client as a form of identification. This scheme
works if each user has a distinct IP address, if the IP address seldom (if ever) changes, and if the web
server can determine the client IP address for each request. While the client IP address typically is not
present in the HTTP headers,[1] web servers can find the IP address of the other side of the TCP
connection carrying the HTTP request.
[1] As we'll see later, some proxies do add a Client-ip header, but this is not part of the HTTP standard.
For example, on Unix systems, the getpeername function call returns the client IP address of the
sending machine:
status = getpeername(tcp_connection_socket,...);
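The call above, filled out as an added example (not code from the book): a server-side helper reads the peer address of an accepted connection, exercised over a constructed loopback connection. The names peer_ip and demo_loopback are hypothetical, and IPv4 is assumed.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Write the dotted-quad address of the TCP peer into buf; 0 on success.
   This is the far end of the connection: a NAT device or proxy if one is in the path. */
int peer_ip(int sock, char *buf, size_t len) {
    struct sockaddr_in peer;
    socklen_t plen = sizeof(peer);
    if (getpeername(sock, (struct sockaddr *)&peer, &plen) != 0) return -1;
    if (peer.sin_family != AF_INET) return -1;
    return inet_ntop(AF_INET, &peer.sin_addr, buf, len) ? 0 : -1;
}

/* Constructed demo: loopback listener plus client in one process.
   Fills buf with the address the server side sees; 0 on success. */
int demo_loopback(char *buf, size_t len) {
    struct sockaddr_in addr;
    socklen_t alen = sizeof(addr);
    int rc = -1, lsock, csock, conn;
    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr.sin_port = 0;                      /* kernel picks a free port */
    lsock = socket(AF_INET, SOCK_STREAM, 0);
    csock = socket(AF_INET, SOCK_STREAM, 0);
    if (lsock < 0 || csock < 0) goto out;
    if (bind(lsock, (struct sockaddr *)&addr, sizeof(addr)) != 0) goto out;
    if (listen(lsock, 1) != 0) goto out;
    if (getsockname(lsock, (struct sockaddr *)&addr, &alen) != 0) goto out;
    if (connect(csock, (struct sockaddr *)&addr, sizeof(addr)) != 0) goto out;
    conn = accept(lsock, NULL, NULL);
    if (conn >= 0) { rc = peer_ip(conn, buf, len); close(conn); }
out:
    if (lsock >= 0) close(lsock);
    if (csock >= 0) close(csock);
    return rc;
}

int main(void) {
    char ip[INET_ADDRSTRLEN];
    if (demo_loopback(ip, sizeof(ip)) != 0) return 1;
    printf("server sees client at %s\n", ip);
    return 0;
}
```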
Unfortunately, using the client IP address to identify the user has numerous weaknesses that limit its
effectiveness as a user-identification technology:
• Client IP addresses describe only the computer being used, not the user. If multiple users
  share the same computer, they will be indistinguishable.
• Many Internet service providers dynamically assign IP addresses to users when they log in.
  Each time they log in, they get a different address, so web servers can't assume that IP
  addresses will identify a user across login sessions.
• To enhance security and manage scarce addresses, many users browse the Internet through
  Network Address Translation (NAT) firewalls. These NAT devices obscure the IP addresses
  of the real clients behind the firewall, converting the actual client IP address into a single,
  shared firewall IP address (and different port numbers).
• HTTP proxies and gateways typically open new TCP connections to the origin server. The
  web server will see the IP address of the proxy server instead of that of the client. Some
  proxies attempt to work around this problem by adding special Client-ip or X-Forwarded-For
  HTTP extension headers to preserve the original IP address (Figure 11-1). But not all proxies
  support this behavior.
Some web sites still use client IP addresses to keep track of the users between sessions, but not many.
There are too many places where IP address targeting doesn't work well.
A few sites even use client IP addresses as a security feature, serving documents only to users from a
particular IP address. While this may be adequate within the confines of an intranet, it breaks down in
the Internet, primarily because of the ease with which IP addresses are spoofed (forged). The presence
of intercepting proxies in the path also breaks this scheme. Chapter 14 discusses much stronger
schemes for controlling access to privileged documents.
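For the proxy bullet and the access-control paragraph above, an added example (not from the book) of how a server can consume X-Forwarded-For without trusting values the client wrote: the header is honoured only when the TCP peer is a known proxy, and it is read from the right. The proxy addresses, the function names and the comma-separated header layout are assumptions of this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical allow-list of proxies in front of this server (constructed). */
static const char *TRUSTED_PROXIES[] = { "10.0.0.5", "10.0.0.6" };

static int is_trusted_proxy(const char *ip) {
    size_t n = sizeof(TRUSTED_PROXIES) / sizeof(TRUSTED_PROXIES[0]);
    for (size_t i = 0; i < n; i++)
        if (strcmp(ip, TRUSTED_PROXIES[i]) == 0) return 1;
    return 0;
}

/* Choose the address to attribute a request to.
   peer: address from getpeername(); xff: X-Forwarded-For value or NULL.
   Entries are scanned right to left; the first one that is not one of our
   proxies is what our proxy saw. Entries further left came from the client. */
const char *effective_client_ip(const char *peer, const char *xff,
                                char *out, size_t len) {
    char copy[512];
    if (xff && is_trusted_proxy(peer) && strlen(xff) < sizeof(copy)) {
        strcpy(copy, xff);
        for (;;) {
            char *comma = strrchr(copy, ',');
            char *tok = comma ? comma + 1 : copy;
            tok += strspn(tok, " \t");          /* trim leading blanks  */
            tok[strcspn(tok, " \t")] = '\0';    /* trim trailing blanks */
            if (*tok && !is_trusted_proxy(tok)) {
                snprintf(out, len, "%s", tok);
                return out;
            }
            if (!comma) break;
            *comma = '\0';                      /* drop the entry just read */
        }
    }
    /* Direct client, oversized header, or nothing usable: use the TCP peer. */
    snprintf(out, len, "%s", peer);
    return out;
}

int main(void) {
    char ip[64];
    /* Constructed case: the client sent "192.0.2.44", the proxy appended. */
    puts(effective_client_ip("10.0.0.5", "192.0.2.44, 198.51.100.7", ip, sizeof(ip)));
    return 0;
}
```

Even the address chosen this way identifies a connection endpoint, not a user, so the weaknesses listed above still apply.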