> To address Mikey's question - I am not looking for a way to > uniquely identify users. For one, it's just not possible. > On top of that, the vast majority of members with to stay > anonymous for reasons that I am not even going to begin to > state on this list, because we all know where that will end up. I think you have misunderstood me - I mean't uniquely identifying *clients* - browsers. > I am trying to ensure that one login and one password are > specific to one client. Several methods of this include > making sure that not more than two IPs use a specific > login/password throughout a pre-set threshold, and on top of > this, the automatic blocking of IPs that attempt brute-force > style attacks. These two items alone would be an invaluable > tool in the assurance that logins and passwords are not abused. As I say, have a look at phpsec.org - the article on sessions is what you want, and it will explain why doing something like that will not work as expected. Some proxies assign new IPs for every request from a single client (AOL in particular). Do you really want to exclude a large proportion of the internet population? HTH, Mikey -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
