Mobile app version of vmapp.org
Login or Join
LarsenBagley505

: Mod_ident not to be trusted? I'm looking at Apache's mod_ident: http://httpd.apache.org/docs/2.2/mod/mod_ident.html However, on this page it has the following disclaimer: The information should not

@LarsenBagley505

Posted in: #Apache #Authentication #Security

I'm looking at Apache's mod_ident:
httpd.apache.org/docs/2.2/mod/mod_ident.html
However, on this page it has the following disclaimer:

The information should not be trusted in any way except for rudimentary usage tracking.


Why not? What are the security trade-offs? What potential attacks exist? I have a specific use case in mind, but I need to be able to trust its output, and without any other information I can't see a way to understand what the issues might be.

Specifically: I'd like to use it for authentication. If I control the host which is using mod_ident, the host from which the connections are coming from, can ensure that no other host can connect, and control the network in between... can I trust it?

10% popularity Vote Up Vote Down

Login to follow query

More posts by @LarsenBagley505

Login to post a comment!

0 Comments

Sorted by latest first Latest Oldest Best

Back to top | Use Dark Theme