Re: Semi-OT: Anti-password trading/sharing solutions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Dan Trainor wrote:
Jochem Maas wrote:


...


I don't think that this is an issue that is specific to pr0n. Sure, the first thing that we think of when we hear a traded login is actually pr0n, but it is most definately not limited to this arena.

does anybody know whether pr0n sites have a much higher 'cheat' percentage (regarding traded/cracked logins) than other kinds of sites.. for instance does the NewYorkTimes have major problems like this?

(I'll bet that regardless of whether NYT has these problems they are a
very expensive custom system in place to mitigate the problem!?)


I appreciate the kind words mentioned by Jochem and Mikey. They see through the whole stereotypical "I have a username and password" thing and understand the true technical reasoning behind my question.

we understand the issues, we know that the topic appears regularly - and that there are various bits of code out on the web that try to do, mostly we are aware that its not 100% possible, and that doing it to some acceptable level of approximation is hard... either you write it or you pay some to write it... why? simply because only monkeys work for nothing while you rake it in - unfortunately monkeys can't program (yet).

I think Richard Lynch already pointed that out but you didn't seem to get it.
(Also your explaination of what Open Source is showed a rather
Microsoftesque (i.e. purely economic) understanding of the concept - more's the pity)


To address Mikey's question - I am not looking for a way to uniquely identify users. For one, it's just not possible. On top of that, the vast majority of members with to stay anonymous for reasons that I am not even going to begin to state on this list, because we all know where that will end up.

true enough - sad to say we live in a world where looking at the 'wrong' picture can cost you your job/reputation - then again if you're oggling kiddiepr0n maybe you need a visit from the authorities.

double-edged sword and all that.

then again exactly how anonymous is a creditcard transaction!


I am trying to ensure that one login and one password are specific to one client. Several methods of this include making sure that not more than two IPs use a specific login/password throughout a pre-set threshold, and on top of this, the automatic blocking of IPs that attempt brute-force style attacks. These two items alone would be an invaluable tool in the assurance that logins and passwords are not abused.

true enough...

on a side note: maybe Dan would have been better off never mentioning his
line of business - then nobody would have been any wiser?

also you Dan, you might want to be careful how you use the word Rasmus around here

<quote>
Rasmus?  Waht's he got to do with anything?
</quote>

regardless of the context you say stuff like that in, its probably not going to go
down too well on this list...
(you might get away with it if your name was Zeev, Andi, Wez, etc)


Thanks again -dant


-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux