You can prevent more that one login at the same time for the same
account; yet, you always have to consider an MITM attack being possible
unless you have a known pre-shared key system. In your DB, all you need
to do is keep track of how many users on a given network are connected,
or attempting to connect on that login.
There is no way to prevent multiple logins from users that have
different accounts, 100% of the time; for, IP addresses get shared, NAT
is imperfect, MACs + IPs can be spoofed, and even if your ISP adds
identifying elements to your packets, a proxy-per-browser can fool you
almost every time.
On some types of servers, you may want to leverage statistics about user
interactions with other users and the system, to see if identifying
patterns emerge; yet, this would all depend on the stats you track and
your ability to develop learning and pattern recognition systems. This
method is great for monitoring systems for gaming, management,
communications, and financial institutions, and can be extended to many
other areas; however, you really do need to know what data to track, and
how to use it, and even if you do, I could easily just modify behaviour
slightly enough to outsmart the patterns it can recognize.
There is also the method of having someone sit and moderate user
interaction, to see if someone is using multiple accounts or trying to
screw with the system, and then enter in variables that made the
moderator flag the interaction as being unsafe so the server can use it
to eventually do it automatically; yet, you would need to know how to
implement a system that can modify the patterns it looks for, if it
notices it has become too strict.
Sorry about the rant, but I just want to get across that no matter how
technical you get, there is no perfect method, and you can't do much
about it, unless you really filter out who can have an account, and what
information that account is associated with.
E.G. banks force users to provide id, and there is no way, unless they
specifically allow it, or fraud was used to gain an additional account,
that a person could have two accounts and be logged into them at the
same time.
On 5/22/2010 11:38 PM, Karl DeSaulniers wrote:
Hello Gurus,
Is there a way to block multiple logins on one computer?
Karl DeSaulniers
Design Drumm
http://designdrumm.com
_______________________________________________
Flashcoders mailing list
[email protected]
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
_______________________________________________
Flashcoders mailing list
[email protected]
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
