tedd wrote:
> At 1:26 PM -0400 8/4/06, John Nichel wrote:
>> tedd wrote:
>>> At 12:55 PM -0400 8/4/06, John Nichel wrote:
>>>> Wait, are you telling me that I can't auth my customers based on IP
>>>> alone? Great, now how do I let them view their sensitive data? ;)
>>>
>>> Okay, how do you?
>>
>> Retina scan, and DNA sample.
>>
>> Seriously though, not by IP in any way, shape or form. The only
>> 'sensitive' data I keep for customers to view is their order history.
>> Credit card numbers are trashed the moment I get a response back from
>> the cc gateway. To get to that they just need their username and
>> password. If they want the system to 'remember' their login, I use a
>> hash of quite a few variables that I place into a cookie on their
>> browser.
>>
>> The only place I use IP to help identify a user (not really a user,
>> but a particular computer) is on our Intranet...and I can only safely
>> (for the most part) rely on this because I control the network and the
>> IP addresses.
>
> Thanks.
>
> Not that I have done this on the net, but has anyone thought about using
> a fuzzy logic approach to the problem? While it wouldn't be a perfect
> solution, you could set a threshold you're comfortable with.
>
> Also while your DNA comment was meant to be humorous, it's not a bad
> idea to build a "trust-index" via user actions that would be similar to
> a DNA-like reasoning solution.
>
> Just food for thought.
>
> tedd

Either account-based authentication, or a unique ID stored in a cookie,
that's how I've done it.
Regards, Adam Zey.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php