Chris,

Well thought out. And I agree, I think that the problems will be the
exception not the rule. Not everyone uses a cash machine, but those who
do, offload the bank from that transaction.
Not every customer will want to or be able to use an online ordering
system, opting for the old fax method. But the ones who do just offload
that much more labor from our order entry people.

Thanks again,

Mark

On 3/22/05 10:04 AM, "Chris Millet" <[EMAIL PROTECTED]> wrote:

> For security reasons, we did not want to automate this process for the
> end user. We felt it could be used to circumvent the security
> requirements of our client.
>
> At this juncture, we wanted human intervention for several reasons:
> - it allowed our client to closely monitor any potential suspicious
>   activity
> - it sends a message to the user that a human being, not a machine, is
>   cognizant of any security issues/changes
> - it provides a quick way to work out routine user-mediated errors
>   regarding access - such as someone routinely clearing all their
>   cookies, etc.
>
> The process is as follows:
> - our client appoints an admin to oversee user security issues,
>   including resetting accounts.
> - a user experiences access problems on login page
> - an error message notifies user of login problem and posts a reminder
>   of access requirements including "must login using the same browser on
>   the same PC as original setup"
> - error page provides a mechanism for user to request assistance for
>   accessing the site
> - The admin goes to a private page to reset the appropriate account(s)
>
> We weren't sure how this would work with all the paranoia
> concerning internet security and users routinely "cleaning out" their
> browsers. But so far, access problems have been, by far, the exception
> not the rule. I think awareness and good communication have had as much
> to do with the success as anything else.
>
> Chris
>
> On Mar 22, 2005, at 11:34 AM, Mark Weiss wrote:
>
>> Chris,
>>
>> Makes sense to me. What would be the "reset" process?
>>
>> Make a reset page available "unique" to them, have them reenter their
>> username/password and then reset the cookie?
>>
>> Thanks again.
>>
>> Mark
>>
>> On 3/22/05 9:28 AM, "Chris Millet" <[EMAIL PROTECTED]> wrote:
>>
>>> We did this by simply using a cookie. A cookie is set during the first
>>> session, and then each subsequent session requires username, password
>>> and cookie to enter the site. The cookie restricts access not only to
>>> a single PC, but to a single browser as well.
>>>
>>> The important thing is to notify the users about the restricted access
>>> ahead of time and give instructions on what to do if a problem occurs.
>>> When a problem does occur, the users simply send a request to reset
>>> their account. This provides a way to monitor potential suspicious
>>> activity. So far it has worked very well, and only a couple of resets
>>> are required a month for a base of about 1,000 users.
>>>
>>> Chris
>>>
>>> On Mar 22, 2005, at 10:50 AM, Mark Weiss wrote:
>>>
>>>> Hi,
>>>>
>>>> I am about to deploy a system for B 2 B ordering. Does anyone know of
>>>> a way to set up user accounts from the customer's desktop and capture
>>>> some unique identifier from his PC so that in the future, if someone
>>>> tried to log in using their username/password from another desktop,
>>>> it would not work?
>>>>
>>>> I don't mean to be too paranoid. Just wanting to lock things down as
>>>> much as is possible to protect us and protect the customer's
>>>> information.
>>>>
>>>> Running Witango on OSX Panther Server, 10.3.8. Witango 5.5. Apache
>>>> 1.3.
>>>>
>>>> (And thanks to Robert Garcia, we have not experienced a single crash
>>>> at this point after 2 months. Not a high volume site though, but so
>>>> far fast and reliable. We have a date handling anomaly that I think
>>>> is a Witango issue, but other than that life is good.)
>>>>
>>>> Mark Weiss
>>>>
>>>> ________________________________________________________________________
>>>> TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
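
An added sketch of the scheme described in this thread, not code from the list or from either poster, and written in Python rather than Witango: a cookie is set at the first session, later sessions need username, password and cookie, and only an admin reset re-binds the account. The class, method and status names are hypothetical, and the in-memory dictionaries stand in for a real user table.

```python
import hashlib
import hmac
import secrets

class DeviceBoundLogin:
    """Password plus a per-browser cookie; names here are hypothetical."""

    def __init__(self):
        self.users = {}           # username -> salt, password hash, device hash
        self.events = []          # mismatches kept for the admin to review
        self.reset_requests = []  # filled from the error page's help form

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, username, password):
        salt = secrets.token_bytes(16)
        self.users[username] = {"salt": salt, "pw": self._kdf(password, salt),
                                "device": None}

    def login(self, username, password, cookie=None):
        """Return (status, cookie_to_set). The cookie never replaces the password."""
        user = self.users.get(username)
        if user is None or not hmac.compare_digest(
                user["pw"], self._kdf(password, user["salt"])):
            return "denied", None
        if user["device"] is None:
            # First session (or first after an admin reset): bind this browser.
            # Send the token as a Secure, HttpOnly cookie; store only its hash.
            token = secrets.token_urlsafe(32)
            user["device"] = hashlib.sha256(token.encode()).hexdigest()
            return "enrolled", token
        presented = hashlib.sha256((cookie or "").encode()).hexdigest()
        if hmac.compare_digest(presented, user["device"]):
            return "ok", None
        self.events.append((username, "device_mismatch"))
        return "device_mismatch", None

    def request_reset(self, username, note):
        self.reset_requests.append((username, note))

    def admin_reset(self, username):
        """Human-approved step: clear the binding so the next login re-enrolls."""
        self.users[username]["device"] = None
        self.reset_requests = [r for r in self.reset_requests if r[0] != username]
```

Because the server keeps only a hash of the cookie value, a leaked user table does not yield usable cookies, and the old cookie stops working as soon as the admin resets the account.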
