Jump to content

IP Information

Kryptix

By Kryptix
in PHP Coding Help

 Share

Recommended Posts

Kryptix Regular Member

Kryptix

Posted
Posted

Not so much of a programming problem as such but if I add the ability to recover accounts via IP address, is it possible to spoof an IP address? Is it a bad idea to automatically allow a user to reset a password if their IP (according to PHP) matches the IP that created the account?

Link to comment
Share on other sites
Kryptix Regular Member

Kryptix

Posted
  • Author
Posted
What if the member's ISP hasn't put them on a static IP address (as is usually the case)?

 

Or if someone else is on the computer  of the member?

Not really worried about that I was just wondering if someone could manage to spoof another IP through header modification or whatever to trick PHP?

Link to comment
Share on other sites
Kryptix Regular Member

Kryptix

Posted
  • Author
Posted

Spoofing aside, IP addresses change. That alone makes it a terrible idea to try a system such as you've described.

It would be a recovery process, just a part of the overall process but all I'm interested in is whether or not it can be spoofed.

Link to comment
Share on other sites
Pawn Member

Pawn

Posted
Posted

Not so much of a programming problem as such but if I add the ability to recover accounts via IP address, is it possible to spoof an IP address? Is it a bad idea to automatically allow a user to reset a password if their IP (according to PHP) matches the IP that created the account?

Yes. Yes.

Link to comment
Share on other sites
DarkMantis Newbie

DarkMantis

Posted
Posted

To be perfectly honest, you sound like your trying to do this as an attackers point of view. It seems like you know a system which does this and you are trying to trick it.

 

However, to answer your question, yes you can spoof IP's, however, that's not to say you will receive any data back through that IP address as you are not that machine. Spoofing an IP would be just sending out Data from your machine and in the packet headers you would be IP XXX.XXX.XXX.XXX instead of YYY.YYY.YYY.YYY.

 

You cannot receive the data back from the spoofee, as it were, unless you are on their network.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.