Hi all,
I need a few ideas regarding security and multiple logons.
I have been tasked with building a system where the clients can purchase online courses and login to use the course(s) they have purchased.
I need some ideas on how to prevent someone giving or sharing thier user credentials with a third party so that they all get the course material for just one purchase.
Any ideas or suggestions very welcome.
ideas needed for a little security
Moderator: General Moderators
- social_experiment
- DevNet Master
- Posts: 2793
- Joined: Sun Feb 15, 2009 11:08 am
- Location: .za
Re: ideas needed for a little security
How about generating a one time only 'token', once used it's written to the database marking it as 'used'.ianhull wrote:I need some ideas on how to prevent someone giving or sharing thier user credentials with a third party so that they all get the course material for just one purchase.
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
Re: ideas needed for a little security
Thanks, however, the licence will grant them access to this course for 1 year,
I have been thinking about cookies and locking them to the same machine but then I will have all the hassle of (what if the cookies are deleted on exit) etc, or is it possible to get a local computer name or something else that will lock them to just one system?
Thanks in advance.
I have been thinking about cookies and locking them to the same machine but then I will have all the hassle of (what if the cookies are deleted on exit) etc, or is it possible to get a local computer name or something else that will lock them to just one system?
Thanks in advance.
- social_experiment
- DevNet Master
- Posts: 2793
- Joined: Sun Feb 15, 2009 11:08 am
- Location: .za
Re: ideas needed for a little security
Imo (and you probably gathered as much) the problem with this is that you will be forcing a user to do something. Not neccesarily a bad thing but the user might not always be able to use their own (or the same) computer to access the site due to whatever reason.ianhull wrote:I have been thinking about cookies and locking them to the same machine but then I will have all the hassle of (what if the cookies are deleted on exit) etc, or is it possible to get a local computer name or something else that will lock them to just one system?
Im guessing payment will be made for each course? If so, it's up to the user to keep their login credentials to themselves.
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering