|
Posted by Leif Gregory on 02/24/05 17:55
Hello Jacques,
Thursday, February 24, 2005, 3:02:09 AM, you wrote:
J> I thought of capturing his IP Address and checking this value
J> against my users table in my database where I have captured IP
J> Addresses of users who have previously registered.
Good luck. There isn't a way that I know of that is 100%.
For instance, using the IP address could bite you because a new user
might come from the same ISP as an already registered user and they
ended up pulling the same IP address from the pool when they
connected. It's remote, but possible. A more likely problem with this
is if someone was behind a NATted firewall (corporate users) where
they all have the same IP address, or people who use proxy servers.
I guess, the best way is a cookie, but a user can delete their cookies
(people sometimes do this to cheat on voting systems so they could
place more than one vote.)
You could try a combination of things. logging their IP, setting a
cookie and maybe using javascript to pull some of the client machine
information and log that into a DB. If say two or more criteria match
then you refuse the second account creation.
Of course all that would fail if they used a different machine
altogether to create the second account.
You can make it more difficult to create a second account, but you
can't really prevent it. Even if you had a manual process in place
where they had to give you a valid phone number, address and e-mail
address, I could give you my cell number, my neighbor's or parents
address, and any e-mail account I had created.
I guess you could have them FAX you a photo ID, but still, if someone
was really determined, that can be gotten around too.
--
Leif (TB lists moderator and fellow end user).
Using The Bat! 3.0.2.3 Rush under Windows XP 5.1
Build 2600 Service Pack 2 on a Pentium 4 2GHz with 512MB
Navigation:
[Reply to this message]
|