ASP authentification by ip-number

Giganews Newsgroups
Subject: ASP authentification by ip-number
Posted by:  Ralph Wiggum (go.ahead@spam.me)
Date: Thu, 24 Apr 2008

How safe is it to use the client's ip-number versus posting a username/password (in cleartext) in an http request? Assuming the client's ip-number is static.

A common use-case would be a web-forum, where only VIP-users should have access to specific topics. Authentification by ip is certainly the most user-friendly, as user don't have register/remember passwords, no?

Is ip-spoofing considered easier than picking up unencrypted usernames/passwords from web-traffic?

Replies