All,
I'm looking into ways of uniquely identifying a
computer. I've been reading around the web looking at
different mechanisms, and so far I've drawn a fuzzy
blank. Currently, I want to use SSL to let a user sign
in and then I return a session cookie, which I then
use to confirm the user is
Disclaimer: the following is all to the best of my knowledge.
Take it for what it's worth.
On 8-Nov-04, at 9:27 AM, Martin Moss wrote:
so therefore I wonder if I can use this,
e.g. map my session_id to a UUID, and then when I
check the session is valid I crosscheck this, however
I'm not sure if I
On Mon, 8 Nov 2004, Martin Moss wrote:
I'm looking into ways of uniquely identifying a
computer.
Intel tried to implement this a while back with a unique ID in the
CPU. The public was not ammused. If you do find a way, please tell
us so we can find a workaround.
What I wish to do is
On Mon, 2004-11-08 at 09:27, Martin Moss wrote:
What I wish to do is prevent another user copying the
session cookie, from one computer to another, and then
gaining access.
If you're talking about packet sniffing attacks, use SSL and call it a
day. If you're talking about a technically
Thanks everyone. You've done a good job of assuring me
that I haven't missed the whole point of the way these
things work.
There's been some really useful ideas, suggested and
I'm going to have a think about which, if any, are
worth implementing.
Ultimitely I'm upgrading our site from normal