At 1:26 PM -0400 8/4/06, John Nichel wrote:

tedd wrote:

At 12:55 PM -0400 8/4/06, John Nichel wrote:

Wait, are you telling me that I can't auth my customers based on IP
alone? Great, now how do I let them view their sensitive data? ;)

Okay, how do you?

Retina scan, and DNA sample.

Seriously though, not by IP in any way, shape or form. The only
'sensitive' data I keep for customers to view is their order
history. Credit card numbers are trashed the moment I get a response
back from the cc gateway. To get to that they just need their
username and password. If they want the system to 'remember' their
login, I use a hash of quite a few variables that I place into a
cookie on their browser.

The only place I use IP to help identify a user (not really a user,
but a particular computer) is on our Intranet...and I can only
safely (for the most part) rely on this because I control the
network and the IP addresses.

Thanks.

Not that I have done this on the net, but has anyone thought about
using a fuzzy logic approach to the problem? While it wouldn't be a
perfect solution, you could set a threshold you're comfortable with.

Also while your DNA comment was meant to be humorous, it's not a bad
idea to build a "trust-index" via user actions that would be similar
to a DNA-like reasoning solution.

Just food for thought.

tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List (http://www.php.net/)
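
The "trust-index" with a threshold suggested in the message above, sketched as an added example that is not code from the thread or from either poster. The signal names, weights and thresholds are constructed assumptions; IP is kept as a deliberately weak signal, and the score never replaces the password for sensitive pages.

```python
# Added illustration: a weighted "trust index" over fuzzy signals in [0, 1].
# All names, weights and thresholds below are assumptions, not from the thread.
WEIGHTS = {
    "valid_remember_cookie": 0.45,  # server-verified "remember me" cookie
    "known_user_agent": 0.15,       # browser matches earlier sessions
    "same_ip_prefix": 0.10,         # weak: shared, changing, not under our control
    "usual_hours": 0.10,            # activity at the account's typical times
    "typical_navigation": 0.20,     # behaviour resembles past user actions
}
ALLOW_AT = 0.70      # at or above: treat the session as recognised
REAUTH_AT = 0.40     # between the two thresholds: ask for the password again


def trust_index(signals: dict[str, float]) -> float:
    """Return the weighted sum of the signals, each a degree of match in [0, 1]."""
    unknown = set(signals) - set(WEIGHTS)
    if unknown:
        raise ValueError(f"unknown signals: {sorted(unknown)}")
    total = 0.0
    for name, weight in WEIGHTS.items():
        value = signals.get(name, 0.0)  # a missing signal contributes nothing
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"{name} must be within [0, 1], got {value}")
        total += weight * value
    return round(total, 4)


def decide(signals: dict[str, float], sensitive: bool = False) -> str:
    """Map the score to 'allow', 'reauthenticate' or 'deny'."""
    score = trust_index(signals)
    if score < REAUTH_AT:
        return "deny"
    # Sensitive pages (e.g. order history) always need username and password,
    # so a high score can only reduce friction elsewhere.
    if sensitive or score < ALLOW_AT:
        return "reauthenticate"
    return "allow"


if __name__ == "__main__":
    # Constructed sample sessions.
    ip_only = {"same_ip_prefix": 1.0}
    returning = {"valid_remember_cookie": 1.0, "known_user_agent": 1.0,
                 "usual_hours": 1.0, "typical_navigation": 0.5}
    for label, s in (("ip_only", ip_only), ("returning", returning)):
        print(label, trust_index(s), decide(s), decide(s, sensitive=True))
```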