-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Andreas Kasenides wrote:
| hi everybody,
| Is there a way to protect images from defacement
| ie upload of a bogus image with the same name as
| a valid image?
Protect the image page.
| On a relevant issue how is it possible for an attacker to forge its
| true ip address? Can that be prevented.
"True" IP address is a tricky thing to determine. Right now my
computer's IP address is 10.0.0.87, but this is a private network
address on my home network. Packets coming from my computer to the
outside internet go through a router which has some other IP address,
and that's what you would see when I make an edit to a wiki on the Internet.
Similarly, the request could be sent through an intermediary proxy
server, in which case the wiki would see the proxy's internet IP address
instead of my router's internet-side address. The proxy _might or might
not_ report my router's address as having been the original source. It
might even report some randomly invented address.
Proxy servers are typically used to aggregate requests from many client
machines at a company or ISP, to reduce bandwidth use by caching or to
increase security by reducing the number of outside points required to
be open to the internet (or both). There are also proxy servers out
there specifically for the purpose of letting anyone use them to hide
the source of their web requests (as well as many misconfigured proxies
which allow this to happen without the intention of their owners).
See past threads on open proxy blocking and related issues.
- -- brion vibber (brion @
pobox.com)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (Darwin)
Comment: Using GnuPG with Thunderbird -
http://enigmail.mozdev.org
iD8DBQFB9Nf5wRnhpk1wk44RAhqiAKCZvjpz64kgIt4HjlrIlI2aT2wxNACgiX3M
xMPup/poRLtXQUJ49E3WgA4=
=lx18
-----END PGP SIGNATURE-----