[mod_python] weird request.connection.remote_ip value

David Harvey dmharvey at math.harvard.edu
Sun Jul 9 06:41:49 EDT 2006


On Jul 8, 2006, at 10:48 PM, Graham Dumpleton wrote:

> After more digging, '::1' means loopback interface under IPv6.
>
> Further information can be found at:
>
>   http://www.juniper.net/techpubs/software/erx/erx50x/swconfig- 
> routing-vol1/html/ipv6-config5.html

Hey thanks for tracking this down! You learn something every day.  
Much happier now.


>> Basically I want to use it as a temporary username for anonymous  
>> visitors who haven't registered for an account. Kind of like how  
>> wikipedia does. I was just a bit concerned when I saw "::1", it  
>> made me feel that using remote_ip is not a particularly reliable  
>> way to get the request IP address. Do you have any other suggestions?
>
> What happens if you have two visitors from the same remote machine?  
> You might
> be better off having the server side generate a random ID which is  
> saved back to
> the client browser using cookies. You might even use session  
> objects and the session
> SID then becomes the ID in some way. Am sure others will suggest  
> perhaps more
> secure ways of doing it.

Yeah I know the limitations :-) They might even get a new IP address  
for each request within a single session :-) I'm not really worried  
about that kind of security for this application. It's a wiki-like  
system... I just want a way for users to be able to tell whether a  
sequence of edits all come from the same (unregistered) user. Since  
that's theoretically impossible, the IP address provides the best  
approximation for the least work that I can think of right now. It's  
not that important anyway, this is all just proof-of-concept for now.  
(The system will of course use session cookies, not  IP address, to  
track *session* data.)

Thanks for your help!

David



More information about the Mod_python mailing list