[mapguide-internals] MG CreateSession
Haris Kurtagic
haris at sl-king.com
Mon Jun 7 19:30:39 EDT 2010
It was question about server using IP address on which server received
TCP command CreateSession to embed into session id string.
I discuss it a bit with Jason, It could be issue with NAT conversions.
I wasn't talking about client hacking IP, Client (just to clarify,
client is not browser but web extension) has IP of server written in
webconfig.
Haris
On Tue, Jun 8, 2010 at 1:19 AM, Trevor Wekel
<trevor_wekel at otxsystems.com> wrote:
> Can the client decode the IP? Not directly. As far as I know, there is no API exposed for it.
>
> Can a hacker deduce what it IP is? Yes. The encoding is very straightforward.
>
> Regards,
> Trevor
>
>
> -----Original Message-----
> From: mapguide-internals-bounces at lists.osgeo.org [mailto:mapguide-internals-bounces at lists.osgeo.org] On Behalf Of Jason Birch
> Sent: June 7, 2010 3:15 PM
> To: MapGuide Internals Mail List
> Subject: Re: [mapguide-internals] MG CreateSession
>
> Hmm...
>
> Can the client decode the IP?
>
> Shouldn't be divulging internal IP addresses to external clients.
>
> Jason
>
> On 7 June 2010 14:13, Jason Birch wrote:
>
>> Makes sense to me.
>>
>> Maybe create an enhancement request and attach a patch? ;)
>>
>>
> _______________________________________________
> mapguide-internals mailing list
> mapguide-internals at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/mapguide-internals
>
>
> _______________________________________________
> mapguide-internals mailing list
> mapguide-internals at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/mapguide-internals
>
>
More information about the mapguide-internals
mailing list