Comments on: PHP Web Services – Authentication Based on Client’s IP http://www.dimuthu.org/blog/2008/12/27/php-web-services-authentication-based-on-clients-ip/ Waiting for your comments Mon, 15 Mar 2010 02:10:31 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: nik http://www.dimuthu.org/blog/2008/12/27/php-web-services-authentication-based-on-clients-ip/comment-page-1/#comment-19093 nik Mon, 08 Feb 2010 16:33:16 +0000 http://www.dimuthu.org/?p=862#comment-19093 hi Dimuthu You have done good job for Ip based authentication. But here I have done using username password based authentication. You can check it from this link. http://my-source-codes.blogspot.com/2010/02/php-nusoap-web-services-and.html Thanks. hi Dimuthu You have done good job for Ip based authentication.
But here I have done using username password based authentication.
You can check it from this link.

http://my-source-codes.blogspot.com/2010/02/php-nusoap-web-services-and.html

Thanks.

]]> By: dimuthu http://www.dimuthu.org/blog/2008/12/27/php-web-services-authentication-based-on-clients-ip/comment-page-1/#comment-2306 dimuthu Sun, 28 Dec 2008 01:58:29 +0000 http://www.dimuthu.org/?p=862#comment-2306 Hi Nabeel, Thanks for the note. I think I got what you are pointing out. Server possibly determine the source IP from the header of the IP packet, which can be easily regenerated with a fake source IP by some attacker. Here I was answering to the problem asked in the forum <a href="http://wso2.org/forum/thread/4609" rel="nofollow">http://wso2.org/forum/thread/4609</a>, <a href="http://wso2.org/forum/thread/4659" rel="nofollow">http://wso2.org/forum/thread/4659</a>. I will mention your note in there too. Thanks Dimuthu Hi Nabeel,
Thanks for the note.
I think I got what you are pointing out. Server possibly determine the source IP from the header of the IP packet, which can be easily regenerated with a fake source IP by some attacker.
Here I was answering to the problem asked in the forum http://wso2.org/forum/thread/4609, http://wso2.org/forum/thread/4659. I will mention your note in there too.

Thanks
Dimuthu

]]> By: Nabeel http://www.dimuthu.org/blog/2008/12/27/php-web-services-authentication-based-on-clients-ip/comment-page-1/#comment-2301 Nabeel Sat, 27 Dec 2008 23:57:16 +0000 http://www.dimuthu.org/?p=862#comment-2301 This comment is not directly related what you are pointing out in this entry. However, it may serve as a precautionary measure. In the absent of filtering at routers/firewalls, this method is vulnerable to IP spoofing attacks. Therefore, in such situations IP based authentication should not be used as a replacement to other authentication methods, such as WS-Sec username-token, but rather as a complement if the operation being protected is very sensitive. This comment is not directly related what you are pointing out in this entry. However, it may serve as a precautionary measure. In the absent of filtering at routers/firewalls, this method is vulnerable to IP spoofing attacks. Therefore, in such situations IP based authentication should not be used as a replacement to other authentication methods, such as WS-Sec username-token, but rather as a complement if the operation being protected is very sensitive.

]]>