On Tue, Sep 16, 2003 at 03:11:04PM -0400, Perrin Harkins wrote: > On Tue, 2003-09-16 at 14:42, Zack Brown wrote: > > I want to prevent one person from having multiple accounts. > > Okay. > > > > That's correct, unless you have control over the client machines. You > > > can require cookies, which will tell you if multiple users on separate > > > browsers are sharing a login, but that's about all you can do without > > > possibly breaking your system for someone. > > > > Someone can appear to be multiple people by disabling cookies though. > > That's why I said "require" cookies: you reject all requests from people > who don't allow cookies, and then you use the cookies for tracking. A > moderately tech-savvy user can delete your cookie and log in again under > a separate account, but people who are scared of opening up prefs and > messing with cookie management (or people who simply don't care enough > to bother) will be stopped. > > If you have a fixed set of clients who are definitely not using proxies, > you can use IP instead of cookies.
Any simple way to defeat the system will end up not working. I'm looking for something truly secure. > > > I want to ensure that if person A registers to use a site, they are not > > able to register again using a different login > > Ask them for a credit card then. There's no other way that will really > work 100% of the time. That's what I figured. Even that won't work all the time, but it will probably limit people to one login per credit card. Unfortunately, then I have to get a merchant account, and there will always be some users who just don't like giving out credit card information. Be well, Zack > > - Perrin -- Zack Brown
