Rahul S. Johari wrote:
I saw this at the Key.Com website for Keybank Customers. When you go to
their website to login to view your account, they ask you to register your
computer for the first time. Once your computer is registered, you can
access the account using that computer. You can choose to Not register that
computer and you won¹t be able to access the account using that computer in
future.
What exactly are they doing?
It's almost certainly cookie-based.
Can PHP record the MAC Address of the NIC in the computer? Or are they just
PHP cannot access this information without using a client-side
technology such as ActiveX.
recording the IP and creating an IP based filteration?
This would be unreliable at best so I doubt they would be using this method.
I¹m looking to implement a similar security system for one of my
applications.
Any advice?
There are many ways to attempt to do this, but bear in mind the
fundamental fact that nothing that comes from the client-side is
reliable. Anything you store there can be comprimised and should not be
used to bypass security checks if security is at all important in your
application.
-Stut
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
