Web Servers on Unix and Linux - time-based authentication (like pop-before-smtp)

This is Interesting: Free IT Magazines  
Home > Archive > Web Servers on Unix and Linux > October 2004 > time-based authentication (like pop-before-smtp)





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author time-based authentication (like pop-before-smtp)
Kenneth Porter

2004-10-21, 8:46 pm

I was thinking about the leached image problem and it occured to me that
something like email's pop-before-smtp solution might be applicable. When a
client fetches a non-image page, its IP and a timestamp is recorded to a
database. When an image is requested, the client's IP is checked to see if
it has requested other non-image content recently. A background daemon
expires old DB entries.

Has anyone built something like this?

Proposed logic:

if (content-type is-in leached-class) and (now() - DB{IP}.timestamp >
timeout)
then reject
DB{IP}.timestamp = now();

(leached-class includes images, sounds, and other things we want to limit
access to.)
Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com