[CLUG-chat] Website Visitor Authentication that can't be given to
charles at finebushpeople.net
Fri Jun 17 13:08:40 SAST 2005
Pondering a problem for a big website running apache on RH Linux (the
linux angle ;-):

The site will be selling subscriptions to content, but the usual
username/password mechanism lends itself to people giving it away to
others for free use.

What other mechanism could one use to prevent this?

My thoughts are along the lines of emailing the subscriber a link that
sets up a unique cookie in their browser. If the cookie isn't there
then no access. If they lose the cookie, then the 'forgot password'
function emails them another link.

Since only the PC with the subscribed email address has ready access to
the cookie-link, it is hard to just give someone the username/password
(you'd have to forward emails and/or copy cookies).

(Ooh, ja, before the thought-police get me: the client actually doesn't
want cookies, 'cos he deletes his every day (wtf?). Yet, (and this is
the joy of Windoze users), he knows his machine is infected with spyware
that he cannot remove. He wants some software that subscribers can
download and install (cookies are BAAAD, arbitrary downloaded software =

To me, cookies are about the only platform-independent mechanism for
this kind of thing (MS killed Java, and I do not want to go to having
separate software for *nix, Mac and 'doze).

tel: 021 701 8231
fax: 021 701 3338
... I was the kid next door's imaginary friend.
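
The emailed-link and cookie scheme described in the post, sketched as an added example (not code from the original post). The class and function names, the one-hour link lifetime and the one-cookie-per-subscriber rule are assumptions made for illustration.

```python
import hashlib
import secrets
import time

LINK_TTL = 3600  # assumption: an emailed link stays valid for one hour


def _h(value):
    return hashlib.sha256(value.encode()).hexdigest()


class DeviceCookieStore:
    """In-memory stand-in for the site's subscriber database (hypothetical)."""

    def __init__(self):
        self.pending = {}    # sha256(link token) -> (email, expiry time)
        self.by_cookie = {}  # sha256(cookie value) -> email
        self.current = {}    # email -> sha256 of the one cookie still valid

    def issue_link_token(self, email, now=None):
        """Token to embed in the emailed link; only its hash is stored."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self.pending[_h(token)] = (email, now + LINK_TTL)
        return token

    def redeem(self, token, now=None):
        """Swap a link token for a cookie value; each link works only once."""
        now = time.time() if now is None else now
        email, expiry = self.pending.pop(_h(token), (None, 0))
        if email is None or now > expiry:
            return None
        # Assumption: one browser per subscriber, so a new cookie revokes the old.
        self.by_cookie.pop(self.current.get(email), None)
        cookie = secrets.token_urlsafe(32)
        self.current[email] = _h(cookie)
        self.by_cookie[_h(cookie)] = email
        return cookie  # send as Set-Cookie with Secure and HttpOnly

    def check_cookie(self, cookie):
        """Return the subscriber's email, or None when access must be denied."""
        if not isinstance(cookie, str):
            return None  # no cookie in the request: no access
        return self.by_cookie.get(_h(cookie))
```

Copying the cookie value to another browser still works, as the post notes; the sketch only ensures a forwarded link is spent after one use and that a fresh link retires the previous cookie.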