Subject Re: [Firebird-Architect] Can we, can we, can we????...
Author Jim Starkey
Claudio Valderrama C. wrote:

>And I forgot to say that IP addresses aren't reliable since you can spoof
>them with raw sockets, so a token that's hard to guess seems the best
I'm not disagreeing with your point, but are you sure that sockets can
be spoofed? Somebody can always forge an IP packet with a bogus sender
address, but the response is going to go there, not the forger, and will
get appropriately dropped on the floor.

But certainly IP address is no way to identify a user, ergo request tokens.