You are not logged in.
- Topics: Active | Unanswered
#1 2006-04-15 17:57:39
- Komodo
- Member
- From: Oxford, UK
- Registered: 2005-11-03
- Posts: 674
Preventing account sharing, but NOT by checking IP
Is there any decent way to prevent people from sharing accounts without doing it by IP? I don't really want to restrict people from dl'ing from a site I'm working on just because they're logged in on a different pc, but I can't see any other way of doing it.
.oO Komodo Dave Oo.
Offline
#2 2006-04-15 19:23:04
- paranoos
- Member
- From: thornhill.on.ca
- Registered: 2004-07-22
- Posts: 442
Re: Preventing account sharing, but NOT by checking IP
that's a toughie. how about if a user is active at two IPs at the same time, then you know it's being shared. perhaps you can then ban the account.
Offline
#3 2006-04-15 19:24:50
- Komodo
- Member
- From: Oxford, UK
- Registered: 2005-11-03
- Posts: 674
Re: Preventing account sharing, but NOT by checking IP
Yeah, that's true paranoos, but it's a bit too lax for what I'm after, sadly 
.oO Komodo Dave Oo.
Offline
#4 2006-04-15 21:06:57
- cactus
- Taco Eater
- From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
- Registered: 2004-05-25
- Posts: 4,622
- Website
Re: Preventing account sharing, but NOT by checking IP
If it is login based, you can issue the user an ephemeral token when they login, and tie *that* to a specific IP address. It expires after a time period or logout..whichever is first.
When the user logs in next, a new token is generated and issued.
Nothing would ever prevent someone from giving their friend their account (hell, if you give your friend your bank card and a pin number..they can use your bank account too. lol). They just wouldn't both be able to use it at the same time.
"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍
Offline
#5 2006-04-15 23:12:22
- Komodo
- Member
- From: Oxford, UK
- Registered: 2005-11-03
- Posts: 674
Re: Preventing account sharing, but NOT by checking IP
If it is login based, you can issue the user an ephemeral token when they login, and tie *that* to a specific IP address. It expires after a time period or logout..whichever is first.
When the user logs in next, a new token is generated and issued.Nothing would ever prevent someone from giving their friend their account (hell, if you give your friend your bank card and a pin number..they can use your bank account too. lol). They just wouldn't both be able to use it at the same time.
I've got the 'ephemeral token' (:P) that you speak of, all nicely rigged up in my code 
I guess I'll just have to cope with either limiting people to a single IP or applying the 'no two people at the same time' rule that you two speak of.
.oO Komodo Dave Oo.
Offline