[Esapi-user] Fwd: Query about the users.txt

Rickesh John generic.bloodsucker at gmail.com
Fri Mar 23 06:19:43 UTC 2012


Hey there,

I am using the users.txt file to save all the data currently. But I fail to
understand why it saves the last host address of the user on file. I
mean, sure, to prevent a CSRF, but that thing is taken care of while the app
is running. Any change in the host address mid-session will be caught. Then
again, what's the need to save it on file? Also, wouldn't it be a problem
when the user actually tries to access his/her account from a totally
different network?



-- 
U're still standing coz it illegal to KilL U
-Rickesh