ideas needed for a little security

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
ianhull
Forum Contributor
Posts: 310
Joined: Tue Jun 14, 2005 10:04 am
Location: Hull England UK

ideas needed for a little security

Post by ianhull »

Hi all,

I need a few ideas regarding security and multiple logons.
I have been tasked with building a system where the clients can purchase online courses and login to use the course(s) they have purchased.

I need some ideas on how to prevent someone giving or sharing thier user credentials with a third party so that they all get the course material for just one purchase.

Any ideas or suggestions very welcome.
User avatar
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: ideas needed for a little security

Post by social_experiment »

ianhull wrote:I need some ideas on how to prevent someone giving or sharing thier user credentials with a third party so that they all get the course material for just one purchase.
How about generating a one time only 'token', once used it's written to the database marking it as 'used'.
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
ianhull
Forum Contributor
Posts: 310
Joined: Tue Jun 14, 2005 10:04 am
Location: Hull England UK

Re: ideas needed for a little security

Post by ianhull »

Thanks, however, the licence will grant them access to this course for 1 year,
I have been thinking about cookies and locking them to the same machine but then I will have all the hassle of (what if the cookies are deleted on exit) etc, or is it possible to get a local computer name or something else that will lock them to just one system?

Thanks in advance.
User avatar
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: ideas needed for a little security

Post by social_experiment »

ianhull wrote:I have been thinking about cookies and locking them to the same machine but then I will have all the hassle of (what if the cookies are deleted on exit) etc, or is it possible to get a local computer name or something else that will lock them to just one system?
Imo (and you probably gathered as much) the problem with this is that you will be forcing a user to do something. Not neccesarily a bad thing but the user might not always be able to use their own (or the same) computer to access the site due to whatever reason.

Im guessing payment will be made for each course? If so, it's up to the user to keep their login credentials to themselves.
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
Post Reply