On Mon, 8 Nov 2004, Martin Moss wrote: > I'm looking into ways of uniquely identifying a > computer.
Intel tried to implement this a while back with a unique ID in the CPU. The public was not ammused. If you do find a way, please tell us so we can find a workaround. > What I wish to do is prevent another user copying the > session cookie, from one computer to another, and then > gaining access. You can get close by using a very short session timeout, tying the IP to the cookie and putting a serial number on each form. I believe this is what my bank does. Sure, the IP can be spoofed or shared, and hackers can automate systems to defeat the timeouts and serial numbers, but it definitely raises the bar. As an added bonus, the serial numbers also help with the ubiquitous catastrophe which is the back button. -sam -- Report problems: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html List etiquette: http://perl.apache.org/maillist/email-etiquette.html
