I don't know if I would use social security #, I mean mine is 555-12-5555 or was 
it 123-45-6789 or maybe 999-99-9999, you can't really validate its 
"correctness" besides the syntax.

Maybe use their cc # or checking account # as their username (securely of 
course) because they can't fake that and it's highly doubtful they will pass 
that # around to their friends.

----------------------------------------
From: "Michael T. Tangorre" <[EMAIL PROTECTED]>
Sent: Saturday, April 23, 2005 11:31 AM
To: CF-Talk <[email protected]>
Subject: RE: login issues 

> From: [EMAIL PROTECTED] [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
> We run a paid subscription service for students to help them 
> pass their state and national boards. We've found that some 
> subscribers are passing around their login info and getting 
> into our site for free. I've tried to do an IP comparison 
> when two users login with the same login. This is not ideal 
> with dynamic IPs or when a valid subscriber uses a computer at 
> work or a computer at home to access our site. There might be 
> more to the IP sniff to make it work than I have knowledge of though.
> 
> Is there a way of restricting access to x number of 
> computers/browsers per subscriber? From my understanding it 
> can be done with cookies - dropping a cookie on only the 
> browsers that are to be used. But that has its own issues 
> like cookie deletes through computer crashes or, as I've just 
> been told, that you can get an extension for Firefox that 
> allows you to create and edit cookies as if they were set by the site.

I worked on a site a while back where we had the same problem, users sharing
information to login. What I did was to switch their login information to
their SSN number or credit card number. People are less likely to share such
personal information with others. The downside is that you better be sure
you can protect that information on your end, i.e. hash it. Then compare the
hash to a hash of their entered login info. On top of that use flags in
your DB to denote when a user logs in and when they log off and do not allow
a login to be successful if there is someone already logged in using the
same info. There are other approaches but this one worked for me and dropped
multiple logon attempts almost 100%. Those that keep trying get banned, no
refund. :-)
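
The hashed-login-plus-DB-flag approach described in the message above, as an added example that is not part of the original thread or any poster's code. It is written in Python with an in-memory SQLite table rather than ColdFusion; the table layout, the server-side key, the keyed HMAC standing in for "hash it", and the idle timeout that releases a flag left set by a user who never logs off are all assumptions.

```python
import hashlib
import hmac
import sqlite3

SERVER_KEY = b"constructed-demo-key"  # assumption: secret stored outside the DB
IDLE_TIMEOUT = 20 * 60                # assumption: seconds until a stale flag expires

def login_hash(identifier: str) -> str:
    """Keyed hash of the login identifier; only this value is ever stored."""
    return hmac.new(SERVER_KEY, identifier.encode(), hashlib.sha256).hexdigest()

class SessionGate:
    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute(
            "CREATE TABLE users (login_hash TEXT PRIMARY KEY,"
            " logged_in INTEGER DEFAULT 0, last_seen REAL DEFAULT 0)")

    def register(self, identifier):
        self.db.execute("INSERT INTO users (login_hash) VALUES (?)",
                        (login_hash(identifier),))

    def login(self, identifier, now):
        """Return 'ok', 'unknown' or 'already_logged_in'."""
        h = login_hash(identifier)
        # One UPDATE claims the flag atomically: it matches only when the
        # account is free or its previous session has been idle too long.
        cur = self.db.execute(
            "UPDATE users SET logged_in = 1, last_seen = ?"
            " WHERE login_hash = ? AND (logged_in = 0 OR last_seen < ?)",
            (now, h, now - IDLE_TIMEOUT))
        if cur.rowcount == 1:
            return "ok"
        known = self.db.execute(
            "SELECT 1 FROM users WHERE login_hash = ?", (h,)).fetchone()
        return "already_logged_in" if known else "unknown"

    def touch(self, identifier, now):
        """Call on every request so an active session does not expire."""
        self.db.execute(
            "UPDATE users SET last_seen = ?"
            " WHERE login_hash = ? AND logged_in = 1",
            (now, login_hash(identifier)))

    def logout(self, identifier):
        self.db.execute("UPDATE users SET logged_in = 0 WHERE login_hash = ?",
                        (login_hash(identifier),))
```

Without the idle check, a browser crash or a closed tab would leave the flag set and lock the paying subscriber out of their own account.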



Message: http://www.houseoffusion.com/lists.cfm/link=i:4:204134