Learn More
Resend Email
38
Worst security bug/feature you've seen?
Week 25 Group Rant
jdrharding
7y

Boss insisted that verification link needs to be clicked from same IP address as account registration. Many arguments later, decision is final, we will ignore the numerous ways that this will be a burden to our users.

*Code code, test test, deploy*

We're getting a lot of traffic, we need this bitch to scale! *auto-scale and load balance all the things*

Account creation begins breaking at random, some people receiving the "Your IP address doesn't match" error. Look at login history table, what the shit... All recent logins coming from internal IP addressohfuckmylife need to look at X-Forwarded-For header for actual IP behind load balancer.

IP address matching feature stays. I am sad, drink away sadness.

undefined

wk25

loadbalancerproblems
Favorite
Ranter
Comments
  • 8
    7y
    Why.... no... the users with dynamic ip will loose. This won't add any help!
  • 5
    7y
    @SweetHuman careful, you're making a bit too much sense!

    Luckily it only happens once on account verification otherwise it would be a nightmare.
  • 2
    7y
    @jdrharding i didn't make sense. I combined two ideas into one.
  • 4
    7y
    What IP the verification link is clicked from shouldn't matter. What should matter is that the IP address a session cookie was issued to is the same one using it.

    I'll quite often register something on my laptop and click the link on my phone.
Related Rants
devRant © 2021 Hexical Labs LLC
Privacy Policy  |  Terms of Service
Add Comment