Ave, Yes I doubted MAC address could be recorded so easily, and I highly doubted Key.Com's application had anything to do with a MAC Address. If it's Cookie-Based, then in my opinion it's more of a 'show' then any actual, vital security implementation. I have everything from Cookies, IP Filter, SSL (https) to secure database-enabled user/pass authentication going on. I was curious to know what Key.Com was exactly doing.... Maybe something I missed.... I was curious to know how they were identifying each individual computer? What they were recording (or storing) to differentiate and thus uniquely id a computer. Thanks for your response. On 10/2/06 8:23 AM, "Stut" <stuttle@xxxxxxxxx> wrote: > Rahul S. Johari wrote: >> I saw this at the Key.Com website for Keybank Customers. When you go to >> their website to login to view your account, they ask you to register your >> computer for the first time. Once your computer is registered, you can >> access the account using that computer. You can choose to Not register that >> computer and you won¹t be able to access the account using that computer in >> future. >> >> What exactly are they doing? >> > It's almost certainly cookie-based. >> Can PHP record the MAC Address of the NIC in the computer? Or are they just >> > PHP cannot access this information without using a client-side > technology such as ActiveX. >> recording the IP and creating an IP based filteration? >> > This would be unreliable at best so I doubt they would be using this method. >> I¹m looking to implement a similar security system for one of my >> applications. >> >> Any advice? > There are many ways to attempt to do this, but bear in mind the > fundamental fact that nothing that comes from the client-side is > reliable. Anything you store there can be comprimised and should not be > used to bypass security checks if security is at all important in your > application. > > -Stut Rahul S. Johari Supervisor, Internet & Administration Informed Marketing Services Inc. 500 Federal Street, Suite 201 Troy NY 12180 Tel: (518) 687-6700 x154 Fax: (518) 687-6799 Email: rahul@xxxxxxxxxxxxxxxxxxxx http://www.informed-sources.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
