Page 1 of 1
ideas needed for a little security
Posted: Thu Apr 07, 2011 3:32 pm
by ianhull
Hi all,
I need a few ideas regarding security and multiple logons.
I have been tasked with building a system where the clients can purchase online courses and login to use the course(s) they have purchased.
I need some ideas on how to prevent someone giving or sharing thier user credentials with a third party so that they all get the course material for just one purchase.
Any ideas or suggestions very welcome.
Re: ideas needed for a little security
Posted: Thu Apr 07, 2011 4:33 pm
by social_experiment
ianhull wrote:I need some ideas on how to prevent someone giving or sharing thier user credentials with a third party so that they all get the course material for just one purchase.
How about generating a one time only 'token', once used it's written to the database marking it as 'used'.
Re: ideas needed for a little security
Posted: Thu Apr 07, 2011 6:06 pm
by ianhull
Thanks, however, the licence will grant them access to this course for 1 year,
I have been thinking about cookies and locking them to the same machine but then I will have all the hassle of (what if the cookies are deleted on exit) etc, or is it possible to get a local computer name or something else that will lock them to just one system?
Thanks in advance.
Re: ideas needed for a little security
Posted: Fri Apr 08, 2011 11:29 am
by social_experiment
ianhull wrote:I have been thinking about cookies and locking them to the same machine but then I will have all the hassle of (what if the cookies are deleted on exit) etc, or is it possible to get a local computer name or something else that will lock them to just one system?
Imo (and you probably gathered as much) the problem with this is that you will be forcing a user to do something. Not neccesarily a bad thing but the user might not always be able to use their own (or the same) computer to access the site due to whatever reason.
Im guessing payment will be made for each course? If so, it's up to the user to keep their login credentials to themselves.