RE: Semi-OT: Anti-password trading/sharing solutions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> To address Mikey's question - I am not looking for a way to 
> uniquely identify users.  For one, it's just not possible.  
> On top of that, the vast majority of members with to stay 
> anonymous for reasons that I am not even going to begin to 
> state on this list, because we all know where that will end up.

I think you have misunderstood me - I mean't uniquely identifying *clients*
- browsers.

> I am trying to ensure that one login and one password are 
> specific to one client.  Several methods of this include 
> making sure that not more than two IPs use a specific 
> login/password throughout a pre-set threshold, and on top of 
> this, the automatic blocking of IPs that attempt brute-force 
> style attacks.  These two items alone would be an invaluable 
> tool in the assurance that logins and passwords are not abused.

As I say, have a look at phpsec.org - the article on sessions is what you
want, and it will explain why doing something like that will not work as
expected.  Some proxies assign new IPs for every request from a single
client (AOL in particular).  Do you really want to exclude a large
proportion of the internet population?

HTH,

Mikey

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux