Trusting IP Addresses
How do I find the address of a client connection to make a trust decision?
Don't base security decisions on the perceived client address. Any address that we have comes from the underlying socket implementation and could be spoofed. The data that the socket has is sourced by the client. You should be using a source of information that has a verification process that the server trusts, such as a certificate, to distinguish clients.
Next time: Reader Trends
