This is along the lines of "locks only keep honest people honest".
There is no reason that the persistent cookie, stored in a file on the
PC, can't be stolen or transferred to another system.
On Tuesday, March 22, 2005, at 09:28 AM, Chris Millet wrote:
We did this by simply using a cookie. A cookie is set during the first
session, and then each subsequent session requires username, password
and cookie to enter the site. The cookie restricts access not only to
a single PC, but to a single browser as well.
The important thing is to notify the users about the restricted access
ahead of time and give instructions on what to do if a problem occurs.
When a problem does occur, the users simply sends a request to reset
their account. This provides a way to monitor potential suspicious
activity. So far it has worked very well, and only a couple of resets
are required a month for a base of about 1,000 users.
Chris
On Mar 22, 2005, at 10:50 AM, Mark Weiss wrote:
Hi,
I am about to deploy a system for B 2 B ordering. Does anyone know of
a way,
to set up user accounts from the customers desktop and capture some
unique
identifier from his PC so that in the future, if someone tried to log
in
using their username/password from another desktop, it would not work?
I don't mean to be too paranoid. Just wanting to lock things down as
much as
is possible to protect us and protect the customer's information.
Running Witango on OSX Panther Server, 10.3.8. Witango 5.5. Apache
1.3.
( And thanks to Robert Garcia, we have not experienced a single crash
at
this point after 2 months. Not a high volume site though, but so far
fast
and reliable. We have a date handling anomaly that I think is a
witango
issue, but other than that life is good. )
Mark Weiss
______________________________________________________________________
__
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
_______________________________________________________________________
_
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
________________________________________________________________________
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
