I would add a bit field to the db where the usn/pwd is stored, 0=not logged
in 1=logged in. Would only work if you didnt want multi instances of the
same user logged in at the same time.
-----Original Message-----
From: David Crowther [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 05, 2000 10:59 AM
To: '[EMAIL PROTECTED]'
Subject: RE: <CF_porn>...
<cfnewbie> here.
How do you block additional users from logging on using the same UN/PW?
-----Original Message-----
From: Cameron Childress [mailto:[EMAIL PROTECTED]]
Sent: 05 July 2000 3:33 PM
To: [EMAIL PROTECTED]
Subject: RE: <CF_porn>...
That's a good idea, but its weakness is the case when a user's email address
in the system is no longer valid. I would just block additional users from
logging on using that UN/PW, and log the event. If the event happens too
many times in a set amount of time, the adminitrator of the site would be
notified and be able to take action at that time.
-Cameron
-----Original Message-----
From: Steve Nelson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 05, 2000 10:09 AM
To: [EMAIL PROTECTED]
Subject: Re: <CF_porn>...
I guess the question with this is.... which one do you allow or
disallow? What if the bad person logged in first and the good person
logged in within a couple minutes.... do you kick out the good person?
My thinking is that the account should get locked out somehow.
Maybe after the account has been compromised, it would kick all users
that are using that account out, then email the good person with a new
password. That would require the bad person to have to also break into
the user's email account. This would probably work great as long as the
person's email account is not also compromised
Steve Nelson
Cameron Childress wrote:
>
> I would be interested in hearing about any solution you end up with. For
> the record, I don't run any porn sites...
>
> An idea: I would think that disallowing two logins with the same UN/PW
> would solve this problem.
>
> -Cameron
>
> -----Original Message-----
> From: Steve Nelson [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 05, 2000 9:36 AM
> To: Fusebox
> Subject: <CF_porn>...
>
> I have a slightly unusual question to ask.... Does anyone on this list
> manage a pornography site? (you can contact me off the list if you're
> weird about it)
>
> I'm asking, because I was just chatting with a CF developer who runs a
> porn site and he was talking about how everyone once in a while someone
> will buy an account and post the username and password on some 'free
> password list' website and then his site crashes because it can't handle
> the amount of requests.
>
> Anyway, if anyone has dealt with this issue, I'd love to chat about how
> they got around it for a security module I'm working on, or brainstorm
> on potential solutions.
>
> Steve Nelson
> --------------------------------------------------------------------------
--
> --
> To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
> send a message to [EMAIL PROTECTED] with 'unsubscribe' in
> the body.
>
> --------------------------------------------------------------------------
----
> To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
----------------------------------------------------------------------------
--
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
----------------------------------------------------------------------------
--
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
----------------------------------------------------------------------------
--
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
------------------------------------------------------------------------------
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
