[Lispweb] Mod_lisp 2.0 released

Daniel Barlow dan at telent.net
Tue Jun 19 15:16:14 CDT 2001


John Foderaro <jkf at franz.com> writes:

>    Security issues can be dealt with by having the app server look at
>    the source address of the request.  It's a trival matter to 
>    simply refuse to respond to requests outside of a range of IP addresses.

otoh, it's correspondingly harder to do IP address-based authentication 
from within the Lisp processes, as the peer of your connection is
always localhost.  Some proxies can do X-Proxy-Via (or whatever the
correct name is) but I'm not sure I'd really want to depend on a HTTP
header; it seems easier for a malicious client to fake.

Granted, IP authentication is not such a great idea anyway in general,
but on a reasonably trusted network it's often adequate.


-dan

-- 

  http://ww.telent.net/cliki/ - Link farm for free CL-on-Unix resources 



More information about the lispweb mailing list