Don't ISPs deal with this issue all the time? At least in the olden-days
when internet access was expensive, people often pooled together and bought
a communal account. What did the ISPs do to block concurrent logins?
Alan McCollough
Web Programmer
Alaska Native Medical Center
> -----Original Message-----
> From: Jason Lotz [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, July 05, 2000 9:52 AM
> To: '[EMAIL PROTECTED]'
> Subject: RE: <CF_porn>...
>
> Jason,
> I agree but consider this. If someone gives away there valid login
> information, aren't they also a "bad user?" In other words, if I bought
> an
> account and gave the password to some friends I would not be suprised to
> be
> denied service at some point. I would assume that someone else was logged
> into my account and I would be right. Therefore, I don't think the "good"
> user v. "bad" user problem is actually an issue. Any thoughts?
>
> Jason
>
> -----Original Message-----
> From: Jason Egan [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 05, 2000 7:45 AM
> To: [EMAIL PROTECTED]
> Subject: RE: <CF_porn>...
>
>
> I've written some only one login at a time scripts, but how would you
> determine who was the 'bad' person logging in? By IP address? (or class
> c)... Currently when someone logs in a flag is checked, and the time of
> login. then with each action the time is updated. No one else can log in
> because the flag is set. If the person logged in - logs out, then the
> flag
> is reset and the account can be used again. If they forget to log out,
> there was a problem, but then we rely on the time. If the time the
> account
> is trying to be accessed is 5 or more minutes later than the last action
> performed by the previous person logged in, then they are permitted to log
> in. The session variables also expire after 5 minutes of inactivity, so
> there is only one person logged in at a time.
>
> But again I ask, how do you determine the 'bad' user? I thought about IP
> restrictions, but it was for a job fair, so the user may be out n' about.
>
> I do like Steve's idea however to change the pw and email the 'good' user
> the new pw.
>
> je
>
> -----Original Message-----
> From: Steve Nelson [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 05, 2000 8:09 AM
> To: [EMAIL PROTECTED]
> Subject: Re: <CF_porn>...
>
>
> I guess the question with this is.... which one do you allow or
> disallow? What if the bad person logged in first and the good person
> logged in within a couple minutes.... do you kick out the good person?
> My thinking is that the account should get locked out somehow.
>
> Maybe after the account has been compromised, it would kick all users
> that are using that account out, then email the good person with a new
> password. That would require the bad person to have to also break into
> the user's email account. This would probably work great as long as the
> person's email account is not also compromised
>
> Steve Nelson
>
> Cameron Childress wrote:
> >
> > I would be interested in hearing about any solution you end up with.
> For
> > the record, I don't run any porn sites...
> >
> > An idea: I would think that disallowing two logins with the same UN/PW
> > would solve this problem.
> >
> > -Cameron
> >
> > -----Original Message-----
> > From: Steve Nelson [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, July 05, 2000 9:36 AM
> > To: Fusebox
> > Subject: <CF_porn>...
> >
> > I have a slightly unusual question to ask.... Does anyone on this list
> > manage a pornography site? (you can contact me off the list if you're
> > weird about it)
> >
> > I'm asking, because I was just chatting with a CF developer who runs a
> > porn site and he was talking about how everyone once in a while someone
> > will buy an account and post the username and password on some 'free
> > password list' website and then his site crashes because it can't handle
> > the amount of requests.
> >
> > Anyway, if anyone has dealt with this issue, I'd love to chat about how
> > they got around it for a security module I'm working on, or brainstorm
> > on potential solutions.
> >
> > Steve Nelson
> >
> --------------------------------------------------------------------------
> --
> > --
> > To Unsubscribe visit
> > http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox
> or
> > send a message to [EMAIL PROTECTED] with 'unsubscribe'
> in
> > the body.
> >
> >
> --------------------------------------------------------------------------
> ----
> > To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
> send a message to [EMAIL PROTECTED] with 'unsubscribe' in
> the body.
> --------------------------------------------------------------------------
> --
> --
> To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
> send a message to [EMAIL PROTECTED] with 'unsubscribe' in
> the body.
>
> --------------------------------------------------------------------------
> --
> --
> To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
> send a message to [EMAIL PROTECTED] with 'unsubscribe' in
> the body.
> --------------------------------------------------------------------------
> ----
> To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
> send a message to [EMAIL PROTECTED] with 'unsubscribe' in
> the body.
------------------------------------------------------------------------------
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
