On Mon, October 2, 2006 7:07 am, Rahul S. Johari wrote: > I saw this at the Key.Com website for Keybank Customers. When you go > to > their website to login to view your account, they ask you to register > your > computer for the first time. Once your computer is registered, you can > access the account using that computer. You can choose to Not register > that > computer and you won¹t be able to access the account using that > computer in > future. > > What exactly are they doing? Almost-for-sure, they are just giving you a dated cookie instead of a session cookie, and that's it. > Can PHP record the MAC Address of the NIC in the computer? Or are they > just > recording the IP and creating an IP based filteration? They are almost-for-sure not getting your MAC because that's impossible to the best of my knowledge. And they'd have to be complete and total idiots to use the IP address for authentication/identification. Though, honestly, if this is your BANK, they've really got no business allowing you to "register" your computer like this... I mean, somebody breaks into your home and takes the thing, and "poof" there went your bank account too? [the follow paragraph ASSUMES the existence of a likely virus and security hole to be exploited. It is not a statement of existing fact.] Or some nifty new virus comes along, and they find your cookies with that known security hole for Keybank in there with a way to get to your bank account?! > I¹m looking to implement a similar security system for one of my > applications. I mean, yeah, for some stupid on-line forum or something, sure. But your bank acount?! No way, Jose. Don't do it. > Any advice? Read the cookies spec. Use the set_cookie_params function in the PHP manual. There really isn't a whole lot to this... -- Some people have a "gift" link here. Know what I want? I want you to buy a CD from some starving artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
