Well! On the credit bureau website I maintain, we don't use cookies because they don't help when the user has them turned off. We do compile OpenSSL and Libmcrypt with PHP, so we can check to see if the web browser is 128 bits and not below that. The PHP code for that is "$_SERVER['SSL_CIPHER_USEKEYSIZE']". We also use "$_SERVER['REMOTE_ADDR']" to allow only credit bureau employees to log in to the administration website, that is, if the employee's machine is at the credit bureau's location. This helps with some security but is not full security, because people outside of the credit bureau can easily change the IP address on his/her machine, or be on a local network behind the firewall with made-up IP addresses, since those won't be used on the internet or a real network. We also use a session ID to keep track of the user, so that the user can be logged off if idle for like 15 minutes, and we also use it to prevent direct access attempts without logging in. Etc. Hope this idea can be of help.
FletchSOD

"Ed Lazor" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> I've typically seen the use of a login / cookie in tracking users and
> providing security.
>
> -----Original Message-----
> Quick Question on Cookies vs. IP Number:
>
> They appear to be easy to set (well at least in PHP), hence quite
> easily to get around (The user of your Site simply deletes the
> Cookie on his Hard Drive...) In Konqueror you are actually
> given the option of rejecting cookies... Using
> getenv($REMOTE_ADDR) to retrieve someone's IP number
> isn't too reliable either in the case that someone is using
> Dial Up... I just want to get ideas from other PHP Coders as
> to how they secure their Sites and actually keep an accurate
> record as to who and how many people visit your sites..
> coz even a combination of Cookies and IP would be easily
> by-passed...
>
> Some Ideas if you may folks...

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
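
The checks described in the reply above (cipher key size, office address allowlist, login requirement and 15-minute idle logout) combined into one gate function, as an added example that is not part of the original message. The function name, the session keys `user` and `last_seen`, the refusal strings and the sample addresses are assumptions made for illustration.

```php
<?php
// Added example, not the poster's code. Names and addresses are hypothetical.
const MIN_KEY_BITS = 128;
const IDLE_LIMIT_SECONDS = 15 * 60;
const OFFICE_ADDRESSES = ['192.0.2.10', '192.0.2.11']; // constructed values

// $server is $_SERVER, $session is $_SESSION, $now is time().
// Returns 'ok' or the reason the request is refused.
function check_admin_request(array $server, array &$session, int $now): string
{
    // Key size of the negotiated cipher; the variable is absent on plain HTTP.
    if ((int)($server['SSL_CIPHER_USEKEYSIZE'] ?? 0) < MIN_KEY_BITS) {
        return 'weak-or-no-tls';
    }
    // Administration pages are served only to the office addresses.
    if (!in_array($server['REMOTE_ADDR'] ?? '', OFFICE_ADDRESSES, true)) {
        return 'address-not-allowed';
    }
    // Direct access to a page without having logged in.
    if (empty($session['user'])) {
        return 'not-logged-in';
    }
    // Idle for more than 15 minutes: discard the session data.
    if ($now - (int)($session['last_seen'] ?? 0) > IDLE_LIMIT_SECONDS) {
        $session = [];
        return 'idle-timeout';
    }
    $session['last_seen'] = $now; // activity resets the idle clock
    return 'ok';
}

// Constructed requests exercising each branch in turn.
$session = ['user' => 'alice', 'last_seen' => 1000];
$office  = ['SSL_CIPHER_USEKEYSIZE' => '128', 'REMOTE_ADDR' => '192.0.2.10'];
$weak    = ['SSL_CIPHER_USEKEYSIZE' => '40',  'REMOTE_ADDR' => '192.0.2.10'];
$outside = ['SSL_CIPHER_USEKEYSIZE' => '128', 'REMOTE_ADDR' => '198.51.100.7'];

echo check_admin_request($office,  $session, 1060), "\n";
echo check_admin_request($weak,    $session, 1070), "\n";
echo check_admin_request($outside, $session, 1080), "\n";
echo check_admin_request($office,  $session, 1060 + 16 * 60), "\n";
echo check_admin_request($office,  $session, 1060 + 17 * 60), "\n";
```

On a real page the call would follow `session_start()` and be passed `$_SERVER`, `$_SESSION` and `time()`.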