Host-based access control
identified by IP address
- spoofing possible
- can usually be blocked at site router
identifies the machine, not the user
who may be using
- public accounts ?
- open access machines ?
- caches/proxies ?
beware of alternate file names
- controls usually rely on pattern matches