Re: Semi-OT: Anti-password trading/sharing solutions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



f00l wrote:
> Come here to get help, not abuse
> for what its worth:
> sql dbase with fields
> username    pass    ip    time
> if duplicate username/passowrd then check that IPs match and dont do
> anything
> if IPs <> match then kick both users off / disable username/password
>
> go figure the code out yourself
> here is the "idea" which is the most you have got out of anyone

My repsonse was actually intended to be useful, not abusive.

Both you and Dan took it as far more negative than it was meant -- I
sincerely believe he's going about getting what he wants in an inefficient
way, and provided a path I thought would lead to a better solution.

More importantly, YOUR ANSWER IS WRONG!

IP address is *NOT* *NOT* *NOT* a reliable way to identify a user.

AOL users change IP address faster than you can blink.

Large corporate users share IP addresses behind a firewall.

And, if you really care about your member access, IP addresses can be
spoofed by relatively knowledgable users, so even if IP-sharing didn't
happen, it's still not reliable.

Have a nice day.

PS Top-posting is also frowned upon here, though I personally don't care
when it's done with some reasonable sense.

Everything below this line is REALLY old stuff.  Hit delete now.

> "Dan" <info@xxxxxxxxxxxxxxxx> wrote in message
> news:4223BAB2.1050906@xxxxxxxxxxxxxxxxxxx
>> Richard Lynch wrote:
>>> Dan Trainor wrote:
>>>
>>> I'm not quite sure why you chose the PHP community as a recipient --
>>> There
>>> are quite a few Apache modules out there.
>>>
>>> And Modules such as mod_auth_mysql and mod_auth_ldap (?) and, really,
>>> any
>>> old mod_auth_XYZ module would be a closer "match" for what you want, I
>>> think.
>>>
>>> I know absolutely nothing about how ProxyPass, iProtect, and PureMember
>>> work, however, so perhaps there is something about them that just
>>> screams
>>> "use PHP to do this"  [I doubt it though]
>>>
>>> It seems to me, however, that you're still a bit off-target on
>>> PHP-General, as your target audience is not those who use PHP, but
>>> those
>>> who wrote it and maintain it, particularly the Apache Module part of
>>> it.
>>>
>>> I believe, in fact, that the Apache Module part of it boils down to the
>>> code Rasmus Lerdorf wrote ages and ages ago, and that mostly Rasmus (I
>>> think) has maintained since then.
>>>
>>> Perhaps with Apache 2, somebody else stepped up to write/maintain that
>>> code, and I'm under-informed.
>>>
>>> Or maybe Rasmus hasn't touched that code in ages, and somebody else is
>>> doing it now.  Apologies to those individuals who I've slighted by not
>>> naming them at this time.
>>>
>>> At any rate, you're trying to get in contact with a handful of people
>>> by
>>> sending email to thousands.  Bad Idea #1.
>>>
>>> NOTE: Contacting Rasmus directly and offering him $$$ to do this would
>>> maybe not be a Bad Idea.  Asking him to do it for free would be really
>>> stupid.
>>>
>>> Next, let's look at your proposal:
>>>
>>> You want something that Member Sites need, to avoid the theft/sharing
>>> of
>>> username/passwords.
>>>
>>> So, in particular, only for-pay Member Sites need this, mostly, as
>>> there's
>>> not much point in stealing/sharing a username/password if you can just
>>> get
>>> one for free.
>>>
>>> So, basically, it's a for-profit motivator that drives this request.
>>>
>>> Yet nowhere do I see an offer of recompense for the developers who
>>> write
>>> this software for you.  Bad Idea #2.
>>>
>>> I highly recommend you figure out what it would be worth to you and
>>> some
>>> of your colleagues/friends to have an OpenSource solution to rival the
>>> current proprietary technologies.
>>>
>>> Take up a collection or form a very loose consortium with some of your
>>> colleagues to fund the project.
>>>
>>> Then write up a specification for what you want done, and make an offer
>>> to
>>> PAY somebody and fund the resources needed to get the project from its
>>> current state (gleam in your eye) to a usable state.
>>>
>>> You could and probably should still make it OpenSource -- Perhaps with
>>> "Funded by: " attributions on all source code and materials to plug
>>> your
>>> consortium and its members -- and then when it's at the stage of
>>> usefulness that you need, you will probably find that some people are
>>> willing to maintain it for little or no money at all.
>>>
>>> Right now, though, you've got a lot of people seeing:
>>>
>>> "I want you to work for me for free so I can save thousands of dollars
>>> every month"
>>>
>>> That ain't gonna happen, dude.
>>>
>>> People wrote PHP and Apache and other OpenSource software because THEY
>>> needed it for THEIR own use, and were willing to give it to you for
>>> FREE
>>> because they knew that giving away 10,000 free copies would get them
>>> one
>>> (1) more Developer to help build/improve the software.
>>>
>>> They did *NOT* do it because they wanted you to be able to run your
>>> company on free software.
>>>
>>> Which is not to say that they *MIND* that you can do that -- Only that
>>> they're not going to just up and code something just because *YOU*
>>> happen
>>> to need it to run your company more efficiently.
>>>
>>> You've got zero incentive for the Developer here -- They don't need the
>>> Module you want, and you're not paying them.  [shrug]
>>>
>>
>>
>> Go ahead and look at my first email.  For some reason you didn't get the
>> idea that I was looking for solutions.  Ideas.  I wasn't looking for
>> anything solid.
>>
>> The reason why I wrote to the PHP community was to get some ideas. Aside
>> from the two people who have sent me hatemail today, the PHP comunity is
>> very intelligent, very clever, and might have worked on something like
>> this in the past.  That's the information that I was after.
>>
>> Rasmus?  Waht's he got to do with anything?  Sure, I value and credit
>> the
>> work he's put into PHP, but I really think that using his name in this
>> context has no point.
>>
>> Who asked anyone to write any software for me?  Again, let's focus on
>> the
>> primary purpose of this email - to gather information so that I can do
>> some further investigation.
>>
>> You know, you're right.  It's stupid for me to think that Open Source
>> software is used in for-profit situations.  PHP, Apache, MySQL, Linux in
>> general - it's really stupid to think that they might actually help
>> someone make money, isn't it.  This is what you are saying, as per
>> "Stupid
>> Idea #2".
>>
>> I'm not going to get into an argue with you over the moral values of
>> Open
>> Source software.  I understand them fully.  Gratitude and in some cases
>> money is given to people left and right for their technical abilities by
>> myself and others.  I will always regret not being ABLE to contribute
>> more.
>>
>> But again, who said anything about actually using a product?  Again -
>> try
>> to understand the real idea of this email.  I'm not being selfish, I'm
>> not
>> being an ingrate, I am simply using tools that are freely available to
>> me
>> to create something successful.  If this involves me not contributing
>> back
>> to these people until I start actually making money, then that's how
>> it's
>> going to be.  It's an unfortunate side-effect to not having money to
>> just
>> blow it out my ass.
>>
>> Thanks for your time
>> -dant
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux