|Subject:||ASP authentification by ip-number|
|Posted by:||Ralph Wiggum (firstname.lastname@example.org)|
|Date:||Thu, 24 Apr 2008|
How safe is it to use the client's ip-number versus posting a username/password (in cleartext) in an http request? Assuming the client's ip-number is static.
A common use-case would be a web-forum, where only VIP-users should have access to specific topics. Authentification by ip is certainly the most user-friendly, as user don't have register/remember passwords, no?
Is ip-spoofing considered easier than picking up unencrypted usernames/passwords from web-traffic?