Anyone know how to capture the UUID from a request?  I've been looking all over the 
place and cant seem to find any reference to it anywhere ...

K





-----Original Message-----
From: Roger Davenport [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 02, 2003 12:55 PM
To: Perrin Harkins
Cc: [EMAIL PROTECTED]
Subject: RE: collecting unique client (computer) specific info?


Apologies..  yes, this was meant for the list!!

Roger

On Tue, 2003-09-02 at 14:29, Perrin Harkins wrote: 
Did you mean to send this to the list?  It only went to me.

On Tue, 2003-09-02 at 15:23, Roger Davenport wrote:
> The session ID only lasts a certain time.. anywhere from a couple of
> minutes to a couple of days (varies widely).  SSLv2 is 16 bytes, and
> SSLv3/TLS is anywhere from 1 to 32 bytes.  The session ID is
> essentially a value which saves the client and server from having to
> handshake every time.  But if you get a matching value, chances are
> that you have the same machine if it's within a reasonable amount of
> time.
> 
> Roger
> 
> On Tue, 2003-09-02 at 13:40, Perrin Harkins wrote: 
> > On Tue, 2003-09-02 at 14:23, kfr wrote:
> > > Yes, sorry.  I have a site that allows my customers to become members via
> > > monthly credit card subscription.  The problem is we've been getting
> > > fraudulent credit card transactions and need some mechanism to detect a user
> > > who is a repeat offender so I can detect them trying to submit yet another
> > > bogus CC for access.
> > 
> > Okay, that makes sense.  Unfortunatey, there's no foolproof way that I'm
> > aware of.  To begin with, you can try using a cookie.  This will stop
> > anyone who is not very technical.  Beyond that, I have heard that
> > there's some kind of unique identifier in SSL that you may be able to
> > use.  I know this because the f5 big/ip load balancers used it.  Check
> > into that.
> > 
> > - Perrin



--
Reporting bugs: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html

Reply via email to