On Mon, 8 Apr 2002, Jeff Lewis wrote: > We've used email ban and IP ban but there are easy ways around this as > you all know. I am wondering if there is anything a little more > hardcore to do as far as banning goes. I had read somewhere about > grabbing a MAC address or something similar from a network card. Has > anyone heard of this method or does anyone already use a pretty solid > method?
You shouldn't be able to get the MAC address off someone's card via their web browser (maybe if they allow ActiveX and use Windows then there's some security hole you could exploit). In any case, MACs can be changed, and they still identify a piece of hardware rather than a human. It is a fact of life that things uniquely identifying humans are fairly difficult to validate on the internet. The easier it is to verify, the easier it is to fake. This sometimes-annoying reality is what preserves whatever lingering privacy we still enjoy. Maybe you can cook up a cocktail of cookies, IP, $HTTP_USER_AGENT, and JavaScript-reported browser characteristics. But ultimately you're not going to keep out the determined prankster unless you rely on something that has significance in the Real World, such as credit cards, phone numbers, personal referrals, reputation-based credentials, and so on. miguel -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php