I was thinking of missing/incorrect header when the post started talking about setting IP Address from an optional header. As someone has already said, 'Never trust a client'. But while it's very easy to say, it's not so hard to remember in practice. I find it even harder to remember when the client is essentially some other part of your application.
tmd83|11 years ago
junto|11 years ago
http://blog.ircmaxell.com/2012/11/anatomy-of-attack-how-i-ha...
(Anatomy of an Attack: How I Hacked StackOverflow)
and this:
http://xkcd.com/327/
(Exploits of a Mom)
Never trust the client....