-
Type:
Suggestion
-
Resolution: Low Engagement
-
None
-
Component/s: Authentication / Security
Currently Crowd offer a (limited) form of application client validation based on the ip address of the application client.
Using the ip address of a client to validate its authenticity is not fail safe. Wouldn't it be a lot better to provide other ways of determining the application client? For example using client side SSL certificates?
