You could simply change the password to prevent future attempts. Then
if you're using client variables to verify when a user is logged in, you
could delete all occurances of that userID from the cdata,cglobal tables
(assuming you are storing your client vars in a database). That way any
users that are currently logged in would be kicked out.
Steve
David Crowther wrote:
>
> <cfnewbie> here.
>
> How do you block additional users from logging on using the same UN/PW?
>
> -----Original Message-----
> From: Cameron Childress [mailto:[EMAIL PROTECTED]]
> Sent: 05 July 2000 3:33 PM
> To: [EMAIL PROTECTED]
> Subject: RE: <CF_porn>...
>
> That's a good idea, but its weakness is the case when a user's email address
> in the system is no longer valid. I would just block additional users from
> logging on using that UN/PW, and log the event. If the event happens too
> many times in a set amount of time, the adminitrator of the site would be
> notified and be able to take action at that time.
>
> -Cameron
>
> -----Original Message-----
> From: Steve Nelson [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 05, 2000 10:09 AM
> To: [EMAIL PROTECTED]
> Subject: Re: <CF_porn>...
>
> I guess the question with this is.... which one do you allow or
> disallow? What if the bad person logged in first and the good person
> logged in within a couple minutes.... do you kick out the good person?
> My thinking is that the account should get locked out somehow.
>
> Maybe after the account has been compromised, it would kick all users
> that are using that account out, then email the good person with a new
> password. That would require the bad person to have to also break into
> the user's email account. This would probably work great as long as the
> person's email account is not also compromised
>
> Steve Nelson
>
> Cameron Childress wrote:
> >
> > I would be interested in hearing about any solution you end up with. For
> > the record, I don't run any porn sites...
> >
> > An idea: I would think that disallowing two logins with the same UN/PW
> > would solve this problem.
> >
> > -Cameron
> >
> > -----Original Message-----
> > From: Steve Nelson [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, July 05, 2000 9:36 AM
> > To: Fusebox
> > Subject: <CF_porn>...
> >
> > I have a slightly unusual question to ask.... Does anyone on this list
> > manage a pornography site? (you can contact me off the list if you're
> > weird about it)
> >
> > I'm asking, because I was just chatting with a CF developer who runs a
> > porn site and he was talking about how everyone once in a while someone
> > will buy an account and post the username and password on some 'free
> > password list' website and then his site crashes because it can't handle
> > the amount of requests.
> >
> > Anyway, if anyone has dealt with this issue, I'd love to chat about how
> > they got around it for a security module I'm working on, or brainstorm
> > on potential solutions.
> >
> > Steve Nelson
> > --------------------------------------------------------------------------
> --
> > --
> > To Unsubscribe visit
> > http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
> > send a message to [EMAIL PROTECTED] with 'unsubscribe' in
> > the body.
> >
> > --------------------------------------------------------------------------
> ----
> > To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
> send a message to [EMAIL PROTECTED] with 'unsubscribe' in
> the body.
> ----------------------------------------------------------------------------
> --
> To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
> send a message to [EMAIL PROTECTED] with 'unsubscribe' in
> the body.
>
> ----------------------------------------------------------------------------
> --
> To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
> send a message to [EMAIL PROTECTED] with 'unsubscribe' in
> the body.
> ------------------------------------------------------------------------------
> To Unsubscribe visit
>http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or send a
>message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
------------------------------------------------------------------------------
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
