tedd wrote:
> At 12:55 PM -0400 8/4/06, John Nichel wrote:
>> Wait, are you telling me that I can't auth my customers based on IP
>> alone? Great, now how do I let them view their sensitive data? ;)
>
> Okay, how do you?

Retina scan, and DNA sample.
Seriously though, not by IP in any way, shape or form. The only
'sensitive' data I keep for customers to view is their order history.
Credit card numbers are trashed the moment I get a response back from
the cc gateway. To get to that they just need their username and
password. If they want the system to 'remember' their login, I use a
hash of quite a few variables that I place into a cookie on their browser.
The only place I use IP to help identify a user (not really a user, but
a particular computer) is on our Intranet...and I can only safely (for
the most part) rely on this because I control the network and the IP
addresses.
--
John C. Nichel IV
Programmer/System Admin (ÜberGeek)
Dot Com Holdings of Buffalo
716.856.9675
jnichel@xxxxxxxxxxxxxxxxxxxxxxxxxxx
--
PHP General Mailing List (http://www.php.net/)