
Re: Request for comments: iptables script for use on laptops.



On Tue, May 23, 2006 at 04:20:58PM +0200, Uwe Hermann wrote:
> On Tue, May 23, 2006 at 09:53:05AM +0200, LeVA wrote:
> > But if one can spoof 127.0.0.1, then one can spoof anything else, so creating any rule with IP address matching is useless.
>
> Correct. IP-based authentication is inherently flawed. If you want something
> like that, use strong cryptography to verify the sender/receiver
> (think certificates, SSL, etc.).

No, it's not inherently flawed for loopback addresses on the loopback interface. There are valid reasons to want a different set of rules on the local host than on the network. (E.g., want to be able to test without the complexity of an encryption layer, don't want the overhead of encrypting both sides of a local connection, etc.) Aside from that, yeah, IP addresses shouldn't be used for authentication on untrusted networks. (Though they are useful as one layer of security, to mitigate the risk of vulnerabilities in the encryption routines.)
Mike Stone
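As an added illustration of the loopback point above (example code added here, not part of Mike Stone's message or of the laptop script under discussion): the rules key on the interface as well as the address. A remote host can put 127.0.0.1 in the source field of a packet, but it cannot make that packet arrive on the lo interface, so "127/8 on lo" is trustworthy while "127/8 on anything else" is a spoof and is dropped before any later address-based rule can match it. The IPT variable and the echo-by-default preview mode are assumptions of this example.

```shell
#!/bin/sh
# Added example: loopback anti-spoofing rules for an iptables script.
# By default the commands are only printed (IPT="echo iptables") so the
# script can be reviewed without root; run with IPT=iptables as root to
# apply them. Assumption of this example, not a convention of the thread.
IPT="${IPT:-echo iptables}"

loopback_rules() {
    # Packets on the loopback interface can only come from local
    # processes, so they are trusted without an encryption layer.
    # These belong at the top of INPUT/OUTPUT, ahead of any rule that
    # matches on addresses.
    $IPT -A INPUT  -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT

    # A 127/8 source or destination on any interface other than lo can
    # never be legitimate: it is a spoofed packet from the network.
    # Dropping it here means no later rule that matches on 127.0.0.1
    # can be reached by a forged address.
    $IPT -A INPUT ! -i lo -s 127.0.0.0/8 -j DROP
    $IPT -A INPUT ! -i lo -d 127.0.0.0/8 -j DROP
}

loopback_rules
```

Usage: `sh lo-rules.sh` prints the four rules for inspection; `IPT=iptables sh lo-rules.sh` as root installs them. Two caveats a practitioner would want: first, modern Linux kernels already discard 127/8 packets arriving on a non-loopback interface as "martians" (unless net.ipv4.conf.<if>.route_localnet has been switched on), and net.ipv4.conf.all.rp_filter=1 rejects other unroutable source addresses, so the explicit DROP rules are belt and braces that make the intent visible in the script rather than the only line of defence; second, this only justifies address matching for the loopback case, which is exactly the distinction made above, and says nothing about trusting addresses on an untrusted network.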


