Thanks Justin, actually I was also thinking of the same, but just wanted to confirm that it is really not a good idea.
Was also wondering if there is any third party solution?

Regards
Manisha

"Justin French" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
> This first rule is never trust the client-side.
> The second rule is never trust the client-side.
>
> This means that relying on...
> a) the user accepting the cookie
> b) the user always using the same computer
> c) the user not deleting the cookie
> ... is a BAD idea.
>
> Frankly, if you force me to use a single computer to access your site,
> I'll just leave and never return. I have 3 desktops and a laptop, all
> of which I use at different times. Telling me I can only use one of
> them to access your site is like telling me I have to be wearing green
> socks whilst visiting your site. It should be about MY preference, not
> yours.
>
> Likewise, you can't tie a member to a MAC address, or to an IP address.
>
> I don't really have a solution to your problem, and anything you DO
> implement will be a pain in the arse to users (otherwise Amazon et al
> would have already implemented it), but here's some thought starters
> -- all of which are deterrents NOT solutions.
>
> 1. Make sure that a user can't login from two different places at
> once, if the user does, generate an email report of the problem, so
> that you can keep an eye on users who might be abusing the system.
>
> 2. Randomly ask the user an additional question on login (DOB, pet's
> name, shoe size, postcode, etc) and compare it to Q's asked earlier.
>
> 3. Tell them repeatedly that sharing a userid/pass is against your
> acceptable terms, and that any members caught doing so will have their
> account closed without refund -- usually the idea of getting caught is
> a good enough deterrent.
>
> 4. Perhaps implement a rolling password system -- if this thing needs
> to be bullet proof. Each time they login, or once a month, or at
> random intervals, you could reset their password. Again, this isn't a
> solution, but it's a deterrent, because the user would have to keep
> their friends "updated".
>
> Most of the above is guaranteed to frustrate users though. Is your
> site worth enough to your users to frustrate them? Is the content you're
> protecting really that important? I doubt it :)
>
> Justin
>
> On Friday, October 10, 2003, at 11:44 AM, Manisha Sathe wrote:
>
> > Hi,
> >
> > I have a client. He does not want member login by just giving password
> > and login id. He says anybody can give this info to his friend and his
> > friend can access the site.
> >
> > One way is to make use of cookie on his computer. So only from one
> > computer he can access the site. But the thing is that user needs to
> > accept it, and I believe I need to provide some method too in case
> > they delete the cookie.
> >
> > Is there any other solution for this? Is there any third party
> > software for this?
> >
> > Regards
> > Manisha
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
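
The first deterrent in Justin's list (one live login per account, with a report when a second one appears) can be kept entirely server-side. The following is an added example, not code from the thread: the `SessionRegistry` class, its method names, the 30-minute idle timeout and the "newest login wins" policy are all assumptions, and it needs PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

// Hypothetical in-memory registry; a real site would keep this in a
// server-side table keyed by user id, never in a cookie.
final class SessionRegistry
{
    private array $active = [];   // userId => ['token', 'ip', 'seen']
    public array $reports = [];   // queued report bodies (e-mail these in production)

    public function __construct(private int $idleTimeout = 1800) {}

    // Called after the password check succeeds. Returns the new session token.
    public function login(string $userId, string $ip, int $now): string
    {
        $old = $this->active[$userId] ?? null;
        if ($old !== null && $now - $old['seen'] < $this->idleTimeout) {
            // A live session already exists: report it, then let the newest login win.
            $this->reports[] = sprintf(
                'Concurrent login for %s: session from %s still active, new login from %s at %s',
                $userId, $old['ip'], $ip, gmdate('c', $now)
            );
        }
        $token = bin2hex(random_bytes(16));
        $this->active[$userId] = ['token' => $token, 'ip' => $ip, 'seen' => $now];
        return $token;
    }

    // Called on every request; a replaced or idle token stops validating.
    public function validate(string $userId, string $token, int $now): bool
    {
        $s = $this->active[$userId] ?? null;
        if ($s === null || !hash_equals($s['token'], $token)
            || $now - $s['seen'] >= $this->idleTimeout) {
            return false;
        }
        $this->active[$userId]['seen'] = $now;
        return true;
    }
}

// Constructed sample run (documentation IP addresses, fixed timestamps).
$reg = new SessionRegistry();
$t0 = 1065750000;
$first  = $reg->login('member42', '192.0.2.10', $t0);
$second = $reg->login('member42', '198.51.100.7', $t0 + 60);
var_dump($reg->validate('member42', $first, $t0 + 90));
var_dump($reg->validate('member42', $second, $t0 + 90));
print_r($reg->reports);
```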