[thesite] My Intro and a look at a UEUE Proposal

[isaac]

> yes, that's a very valid observation.  some admin and god privilege
> functionality is available with the right cookie value though.
> it could be worthwhile to make sure to protect that as much as possible.

what about adding optional IP checking to the process?

so if dan (for example) knows he has a static IP (or range of IPs), he can
further restrict the possibility of having his login taken via some
scripting on MEO.

worth considering or not at all?


i