Re: General question on charging for data access

From: jblanch (jblanch_at_gmail.com)
Date: 12/16/04


Date: 15 Dec 2004 20:40:13 -0800

Well, I'm going to attempt to weed out what you want, and some issues I
can foresee.

First off, the sessions are a great idea, but what about just an MD5 or
any other encrypted cookie? That way it's easier to maintain and use,
because I always have trouble changing my session settings and things
like that (unless it's a personal server, where you could easily edit
the php.ini file). But what you could do is have the one-time signup
(the actual registration/activation) set the encrypted cookie with
the data you want, and that cookie will be read when they enter the
site, put into the database with a timestamp, and checked. What this
cookie problem will solve is the inability to record IPs correctly,
because with all the wireless LANs out there, anyone can have 2-100
computers on the same IP.

I think using the cookie with an xxSQL database is one of the only ways
to go, because you can easily erase the records from the database, and
the other table will have the stored identifiers, keeping the two at
low memory usage.

The HTTP overlapping situation is something I had occur when programming
with winsock. I would use simultaneous SendData's and end up connecting
the data together, effectively crashing whatever I was doing, but when
you're I'm almost certain that with the HTTP Protocol, this "overlap"
would cause a server error, and not get read and parsed to CGI at all,
and it would bring up some 40-,50-, or some error.

Hope this helps.. and by the way.. what kind of project are you
_actually_ working on? I hope I'm not helping with some ad/spam/adult
site :-/.

JBlanch
jblanch at gmail dot com
http://jblanch.us
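
The cookie scheme described in the post above (set a cookie once at activation, record it in the database with a timestamp, check it on each visit), as an added example that is not part of the original post. It swaps the MD5 value for a random token stored as a SHA-256 hash; the table and function names are hypothetical, and an in-memory SQLite database stands in for the site's database.

```php
<?php
declare(strict_types=1);

// Hypothetical schema: one row per issued cookie, storing only a hash of the token.
function make_store(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE access_tokens (
        token_hash TEXT PRIMARY KEY, user_id INTEGER NOT NULL,
        issued_at INTEGER NOT NULL, last_seen INTEGER NOT NULL)');
    return $db;
}

// Called once at registration/activation; the return value goes into the cookie.
function issue_token(PDO $db, int $userId, int $now): string {
    $token = bin2hex(random_bytes(32));           // 256 bits from the CSPRNG
    $stmt = $db->prepare('INSERT INTO access_tokens VALUES (?, ?, ?, ?)');
    $stmt->execute([hash('sha256', $token), $userId, $now, $now]);
    return $token;
}

// Called on every visit; returns the user id, or null if unknown or expired.
function check_token(PDO $db, string $cookie, int $now, int $maxAge): ?int {
    if (!preg_match('/\A[0-9a-f]{64}\z/', $cookie)) {
        return null;                              // malformed or tampered value
    }
    $hash = hash('sha256', $cookie);
    $stmt = $db->prepare('SELECT user_id, issued_at FROM access_tokens WHERE token_hash = ?');
    $stmt->execute([$hash]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    if ($now - (int)$row['issued_at'] > $maxAge) {
        $db->prepare('DELETE FROM access_tokens WHERE token_hash = ?')->execute([$hash]);
        return null;                              // expired: erase the record
    }
    $db->prepare('UPDATE access_tokens SET last_seen = ? WHERE token_hash = ?')
       ->execute([$now, $hash]);                  // timestamp of this visit
    return (int)$row['user_id'];
}

// Constructed walk-through with fixed timestamps.
$db = make_store();
$cookie = issue_token($db, 42, 1000);
// On a real site: setcookie('access', $cookie, ['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
var_dump(check_token($db, $cookie, 1500, 3600));               // within max age
var_dump(check_token($db, str_repeat('0', 64), 1500, 3600));   // token never issued
var_dump(check_token($db, $cookie, 9000, 3600));               // past max age
```

Because only the hash is stored, read-only access to the table does not yield a value that can be replayed as a cookie.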


