[nycphp-talk] Experts help needed (Sessions)
Chris Shiflett
shiflett at php.net
Sat Aug 6 17:58:52 EDT 2005
Joseph Crawford wrote:
> if you are incrementing on a valid match of the UA, are you saying to
> stop checking once they hit a threshold of say 50 checks?

I'm saying to start enforcing the checking at that point. :-)

This whole idea of recording history is just to increase the reliability
of the approach - it's not necessary, but you're otherwise more likely
to ask a legitimate user to provide the password again.

This same approach can be used for more than just user agent - the idea
is to identify things that are consistent in requests from your
legitimate users, then you can identify inconsistencies as a reason for
suspicion.

Hope that helps.

Chris
--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/
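
Added example, not part of the original message and not Chris Shiflett's code: one way to implement the history-then-enforce check described above for the User-Agent header. The function name, the session keys, and the choice to restart the history on a mismatch that occurs before the threshold are assumptions of this sketch; the threshold of 50 is the figure from the quoted question.

```php
<?php
// Added example. Names and session keys are hypothetical.
const UA_ENFORCE_THRESHOLD = 50; // figure taken from the quoted question

/**
 * Record User-Agent consistency in the session and decide what to do.
 * Returns 'ok' to let the request proceed, or 'reauth' when the caller
 * should ask the user for the password again.
 */
function check_user_agent(array &$session, string $userAgent): string
{
    // Store a digest rather than the raw header value.
    $fingerprint = hash('sha256', $userAgent);

    // First request in this session: start the history.
    if (!isset($session['ua_hash'])) {
        $session['ua_hash'] = $fingerprint;
        $session['ua_matches'] = 0;
        return 'ok';
    }

    // Valid match: increment the history counter.
    if (hash_equals($session['ua_hash'], $fingerprint)) {
        $session['ua_matches']++;
        return 'ok';
    }

    // Mismatch after enough consistent history: treat as suspicious.
    if ($session['ua_matches'] >= UA_ENFORCE_THRESHOLD) {
        return 'reauth';
    }

    // Mismatch before the threshold (assumption of this sketch): the
    // header is not yet known to be stable for this user, so restart
    // the history instead of prompting.
    $session['ua_hash'] = $fingerprint;
    $session['ua_matches'] = 0;
    return 'ok';
}

// Constructed demonstration with made-up header values.
$session = [];
for ($i = 0; $i <= UA_ENFORCE_THRESHOLD; $i++) {
    check_user_agent($session, 'Mozilla/5.0 (constructed sample A)');
}
echo check_user_agent($session, 'Mozilla/5.0 (constructed sample B)'), "\n";
```

In an application, pass `$_SESSION` and `$_SERVER['HTTP_USER_AGENT'] ?? ''`; after a successful password prompt, reset the two keys so the history starts again.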