[wp-hackers] Re: IP address verification for trackbacks

Otto otto at ottodestruct.com
Mon Aug 18 16:17:10 GMT 2008

On Mon, Aug 18, 2008 at 11:08 AM, Kimmo Suominen <kimmo at global-wire.fi> wrote:
> But sure, if you want to code your plugins so that they don't account
> for sites using secondary IP addresses, you can certainly choose to
> do so.

My point is that there is no legitimate reason to make sites that use
multiple addresses for the specific case of trackbacks. In other
words, if your website is going to contact me, and the IP I'm getting
that from doesn't match your site's actual IP, then there's no reason
for me to assume that you are legitimate.

The specific problem you're speaking of (SSL not working with name
based virtual hosting) is a solved one. You *can* use SSL with name
based hosting. The SNI extension to TLS was invented specifically to
solve the problem. Why not use it?

Also, the main nginx package does support TLS SNI. No "private
packages" required. See here: http://nginx.net/


More information about the wp-hackers mailing list