Loading ...
Sorry, an error occurred while loading the content.

Re: [PBML] So, why do you care what the IP is?

Expand Messages
  • merlyn@stonehenge.com
    ... Lou I am writing an online game and I at looking for ways to prevent cheating... Lou 1-Cookies Can be defeated. Lou 2-Same (or similar IP address?)
    Message 1 of 3 , Sep 14, 2007
    • 0 Attachment
      >>>>> "Lou" == Lou Hernsen <lhernsen1015@...> writes:

      Lou> I am writing an online game and I at looking for ways to prevent cheating...
      Lou> 1-Cookies

      Can be defeated.

      Lou> 2-Same (or similar IP address?)

      Broken for all the reasons I just listed.

      Lou> 3-Small program on the other computer to verify its the same person?

      Not cross-platform.

      Lou> I also want to prevent password stealing by flooding a login with
      Lou> passwords of a name untill the corect password is found... my thoughts.

      This can lead to denial-of-service attacks locking out legitimate users. Be
      prepared for handling telephone support calls.

      Lou> 1- 3 tries to log in from the web sight ,
      Lou> after that I send you an email to your email address with a link.
      Lou> Email address links that failed will lock the account and you have to
      Lou> contact ME to unlock it.. for a fee.

      Oh great, so I can force someone else to pay you money, just by trying to fake
      their username three times. Wonderful. Bad Bad BAD customer service idea.

      --
      Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
      <merlyn@...> <URL:http://www.stonehenge.com/merlyn/>
      Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
      See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
    • Lou Hernsen
      Hmm. agreed... any ideas on what TO do? ... fake ... idea.
      Message 2 of 3 , Sep 14, 2007
      • 0 Attachment
        Hmm. agreed...
        any ideas on what TO do?

        > Oh great, so I can force someone else to pay you money, just by trying to
        fake
        > their username three times. Wonderful. Bad Bad BAD customer service
        idea.
      Your message has been successfully submitted and would be delivered to recipients shortly.