Got it, a friend had solved it: with every page I would send some secret code, generated from a lot of things including a random thing, and stored in the session, so if somebody steals all the cookies, he also needs to know what this code is, which is only transmitted through an HTTPS connection. I guess this would solve the thing.

On 2/28/06, zaid emeish <[EMAIL PROTECTED]> wrote:
The security level you seek is relevant to the importance of the data you are protecting, so if you are protecting things that are recoverable and not that much of a risk you don't need to go far with protection, but if you are protecting data like credit card numbers and social security numbers you might want to ask for the username and password before seeing this page, just like Amazon; they let you shop on their site but when it comes to payment they require a new login. And a good practice I saw is that if the person is idle for a certain amount of time (e.g. not clicking or doing any action) you can terminate the session and require a new login. There are lots of things you can do but they can be expensive on the application or usability, so you really need to know what you are protecting and how far you want to go with that.

And I agree that IP checking is not a preferable idea, cuz some ISPs here use clustered proxies so the user would have a different IP on every new page they hit.



On 2/28/06, Anubis HH <[EMAIL PROTECTED]> wrote:


--- Ala'a Ibrahim <[EMAIL PROTECTED]> wrote:

> I thought of that, but the thing that I mentioned an
> Internet Cafe is that
> the same 2 computers has the IP address for me,

Use the User Agent also. Even in cafes most probably
it's not the same. Use referer also.



_______________________________________________
Jordan PHP Users Group
http://php.jolug.org/
Php mailing list
[email protected]
http://mail.jolug.org/mailman/listinfo/php_jolug.org







--
                                 Ala'a A. Ibrahim
http://alaa83.blogspot.com/
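
Added example (not part of the original messages): one way the per-page secret code and the idle timeout discussed in this thread could look in PHP. The function names, the IDLE_LIMIT value and the `$session` array standing in for `$_SESSION` are assumptions made for illustration; PHP 7.1 or later is assumed.

```php
<?php
// Added example, not code from the thread. IDLE_LIMIT, issue_page_token and
// check_request are hypothetical names. $session stands in for $_SESSION so
// the script runs from the CLI; in a real application the code would travel
// in a cookie or form field sent only over HTTPS (cookie flagged Secure).
const IDLE_LIMIT = 900; // assumed: seconds of inactivity before re-login

// Generate a fresh random code for the next page and store it in the session.
function issue_page_token(array &$session, int $now): string
{
    $token = bin2hex(random_bytes(32)); // CSPRNG, 64 hex characters
    $session['page_token'] = $token;
    $session['last_seen'] = $now;
    return $token; // handed to the browser with the page
}

// Check the code presented with a request and rotate it on success.
// Returns the next code, or null when the session has been terminated.
function check_request(array &$session, ?string $presented, int $now): ?string
{
    $expected = $session['page_token'] ?? null;
    $idle = $now - ($session['last_seen'] ?? 0);
    if ($expected === null || $presented === null || $idle > IDLE_LIMIT
        || !hash_equals($expected, $presented)) {
        $session = []; // missing or wrong code, or idle too long: new login
        return null;
    }
    return issue_page_token($session, $now);
}

// Constructed walk-through with made-up timestamps.
$session = [];
$t0 = 1000;
$first = issue_page_token($session, $t0);             // right after login
$second = check_request($session, $first, $t0 + 10);  // next page, code rotates
var_dump($second !== null && $second !== $first);

// Someone holding only the stolen session cookie replays the old code.
var_dump(check_request($session, $first, $t0 + 20));

// The mismatch terminated the session, so the current code is refused too.
var_dump(check_request($session, $second, $t0 + 30));

// Separate session: a valid code presented after the idle limit has passed.
$other = [];
$code = issue_page_token($other, $t0);
var_dump(check_request($other, $code, $t0 + IDLE_LIMIT + 1));
```

Rotating the code on every page means a second browser tab or the back button presents a stale code and ends the session, which is the usability cost mentioned earlier in the thread.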