From: Nala Ginrut
Newsgroups: gmane.lisp.guile.user
Subject: Re: mailmam, web bridge, forum, p2p (was: Diversification)
Date: Fri, 25 Oct 2019 07:42:41 +0800
To: Zelphir Kaltstahl
Cc: Guile User

Yes, you need to log in if you change IP, but the last IP keeps session.
BTW, encoding token in URL is bad for SEO.

Zelphir Kaltstahl wrote on Fri, 25 Oct 2019 at 01:44:
> Hi Nala!
>
> I have a question regarding this IP check.
>
> Does this mean that both the IP address and (logical and) the cookie
> need to be correct, or is it an inclusive logical or?
>
> I sometimes find myself switching location of the server of the VPN I am
> using. In such a case, would I still be logged in, based on the correct
> cookie, or would I be logged out, because my IP address does not match
> my previous address?
>
> Regards,
>
> Zelphir
>
> On 10/24/19 4:15 PM, Nala Ginrut wrote:
> > On Thu, Oct 24, 2019 at 8:30 PM pelzflorian (Florian Pelz) <
> > pelzflorian@pelzflorian.de> wrote:
> >
> >> Because of login CSRF the Referer header should also be verified for
> >> all links internal to the website (external links should strip the
> >> Referer header via redirect pages similar to what the code attached to
> >> this mail does).
> >>
> >> I do not know what Artanis does currently. I will check next week.
> >>
> >>
> > The current Artanis will check both session token (from cookies) and the
> > client IP.
> > This method was blamed to be overkilled because some users may be in the
> > same LAN with a unique external IP.
> > But I think IPv6 will cover this world finally, so I think this would be
> > the best way to go.
> > Of course, there's no conflict to add extra verification token. Patches or
> > proposals are welcome. ;-)
> >
> > Best regards.
> >
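
Added example, not part of the original message and not Artanis code: a small Python model of the check discussed in this thread, where a session is accepted only if the cookie token AND the client IP both match. The `SessionStore` class, the user names and the addresses are hypothetical, and it assumes a request from a different IP is rejected without destroying the session, so the original IP stays logged in.

```python
import hmac
import secrets


class SessionStore:
    """Toy in-memory model: valid only if token AND client IP match."""

    def __init__(self):
        self._sessions = {}  # token -> (user, IP bound at login)

    def login(self, user, client_ip):
        token = secrets.token_urlsafe(32)  # value placed in the session cookie
        self._sessions[token] = (user, client_ip)
        return token

    def validate(self, cookie_token, client_ip):
        """Return the user name, or None if either check fails."""
        for token, (user, bound_ip) in self._sessions.items():
            # Compare cookie values without a data-dependent early exit.
            if hmac.compare_digest(token.encode(), cookie_token.encode()):
                # Logical AND: the right cookie from another IP is rejected.
                # The session is kept, so the bound IP continues to work.
                return user if client_ip == bound_ip else None
        return None


def demo():
    store = SessionStore()
    # Constructed addresses from the RFC 5737 documentation ranges.
    home, vpn_exit, nat = "192.0.2.10", "198.51.100.7", "203.0.113.5"
    t = store.login("zelphir", home)
    results = {
        "same_ip": store.validate(t, home),
        "vpn_switch": store.validate(t, vpn_exit),  # None: log in again
        "old_ip_after_switch": store.validate(t, home),
    }
    # Users behind one external address share the IP, so only the token
    # tells them apart; the IP check adds nothing between such hosts.
    a = store.login("alice", nat)
    b = store.login("bob", nat)
    results["nat_a"] = store.validate(a, nat)
    results["nat_b"] = store.validate(b, nat)
    results["forged"] = store.validate("not-a-token", nat)
    # Logging in again from the new address binds a new session to it.
    t2 = store.login("zelphir", vpn_exit)
    results["relogin"] = store.validate(t2, vpn_exit)
    return results


if __name__ == "__main__":
    print(demo())
```
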