if i'm the server app, and you tell me that you're IE, v.6, i'd like the ability to somehow be able to gather information from you, such that i can then check with msoft to see if your answers match what msoft claims the answers should be. if you give wrong answers, i can then make a determination as to whether i want to talk with you, or perhaps limit the amount/type of information i allow you to access... this kind of approach goes beyond the 'user/access string' and can actually get to be rather difficult to spoof, or to break... keep in mind, this is an off the top suggestion, i'm sure if someone spent some time, there could be solutions that would be robust, doable, and reasonably secure... -bruce -----Original Message----- From: Rory Browne [mailto:rory.browne@xxxxxxxxx] Sent: Tuesday, June 21, 2005 7:39 AM To: Matthew Weier O'Phinney Cc: php-general@xxxxxxxxxxxxx Subject: Re: Re: security question...?? On 6/21/05, Matthew Weier O'Phinney <matthew@xxxxxxxxxx> wrote: > * "david forums" <dforums@xxxxxxxxxxx>: > > Why don't you try to get interactivity with ID machin which is unique, or > > with mac address. > > MAC address wouldn't work if the user is behind a proxy. I think you mean IP addresses. MAC's won't work if the user is behind a router - which they generally are, unless you're on the same network - ie on an Intranet, and even then....... > > > -- > Matthew Weier O'Phinney | WEBSITES: > Webmaster and IT Specialist | http://www.garden.org > National Gardening Association | http://www.kidsgardening.com > 802-863-5251 x156 | http://nationalgardenmonth.org > mailto:matthew@xxxxxxxxxx | http://vermontbotanical.org > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
