[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Phpgroupware-users] Re: [Phpgroupware-developers] AOL Users

From: Dan Kuykendall (Seek3r)
Subject: [Phpgroupware-users] Re: [Phpgroupware-developers] AOL Users
Date: Tue, 27 Nov 2001 10:28:33 -0800

James Lewis wrote:
> Hi All,
>     I have a couple of AOL users who are trying to user phpgw. I understand
> that for some reason AOL users' web requests come from different IP
> addresses during the same session which stops phpgw from working.
>     Is there a get around or a quick fix for this? With one user it wasn't a
> big deal, but now with two, possibly three (out of 10 or so) its becoming a
> problem.

Edit your phpgwapi/inc/ and look for where we check
for the IP address in the SQL statement. Just delete that part and give
it a run.
The problem/risk is that it will then be easier for a "bad guy" to
hijack a users session by simply discovering the sessionid and start
using it. If you are going to disable the check against the IP address,
then I suggest doing everything over SSL (https) so that the sessionid
along with everything else will be encrypted and safe from a simple
sniffer attack.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]