|
|
Posted by "bruce" on 10/20/54 11:19
if i'm the server app, and you tell me that you're IE, v.6, i'd like the
ability to somehow be able to gather information from you, such that i can
then check with msoft to see if your answers match what msoft claims the
answers should be. if you give wrong answers, i can then make a
determination as to whether i want to talk with you, or perhaps limit the
amount/type of information i allow you to access...
this kind of approach goes beyond the 'user/access string' and can actually
get to be rather difficult to spoof, or to break...
keep in mind, this is an off the top suggestion, i'm sure if someone spent
some time, there could be solutions that would be robust, doable, and
reasonably secure...
-bruce
-----Original Message-----
From: Rory Browne [mailto:rory.browne@gmail.com]
Sent: Tuesday, June 21, 2005 7:39 AM
To: Matthew Weier O'Phinney
Cc: php-general@lists.php.net
Subject: Re: [PHP] Re: security question...??
On 6/21/05, Matthew Weier O'Phinney <matthew@garden.org> wrote:
> * "david forums" <dforums@vieonet.com>:
> > Why don't you try to get interactivity with ID machin which is unique,
or
> > with mac address.
>
> MAC address wouldn't work if the user is behind a proxy.
I think you mean IP addresses. MAC's won't work if the user is behind
a router - which they generally are, unless you're on the same network
- ie on an Intranet, and even then.......
>
>
> --
> Matthew Weier O'Phinney | WEBSITES:
> Webmaster and IT Specialist | http://www.garden.org
> National Gardening Association | http://www.kidsgardening.com
> 802-863-5251 x156 | http://nationalgardenmonth.org
> mailto:matthew@garden.org | http://vermontbotanical.org
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Navigation:
[Reply to this message]
|