tags:

views:

45

answers:

2
+2  Q: 

Content Restriction Ideas

Hello,

I was trying to do subscription system which is only for registered user. Till registration stage, I am okie. But I don't want user to share their username and password with others because of the paid content. How can i prevent ?

  1. Check with IP, but what if they are on dynamic IP ? Using proxy ?
  2. Store cookies can change ?

Can anyone please kindly suggest how can i prevent ? I know there's no 100% bullet proof, but somehow, alittle bit tight security system.

Language will be with php, mysql, javascript.

A: 

Hi,

when your content is payed content, tell the users that they have to enter ther credit card informations every 10th login. I think this will stop them to share account. (When CC informations are wrong, the account will be closed).

Other idea: Limit the Sessions for one user to 2 - 3. They will think twice to share their credentials if they are not able to login when their friends are connected.

ArneRie  2010-01-29 07:21:04
Cool, the first idea i like it, but second one, limit the sessions for one user to 2-3, i doesn't understand. It does mean shorter session time ?
spotlightsnap  2010-01-29 07:25:19
and, storing their credit card information is quite senstive. If we got hijack the sql, we are goner. Any idea ?
spotlightsnap  2010-01-29 07:34:35
i mean only allow 1 login per user at the same time
ArneRie  2010-01-29 07:58:39
yeap, still they can share their login.
spotlightsnap  2010-01-29 09:04:02
+2  A: 

I recommend heuristics based approach -- if you detect something suspicious (eg. user connecting from many different IP-s) then you log this and this increments some counter in users's record, if the counter grows big enough, then you get notification and decide what to do.

It won't eliminate all cases of account sharing but hints you the problem users.

Aivar  2010-01-29 13:33:47
yeap, log IP is in my part of plan. But I want tight security than this. Like logging by IP and moderating is less automation process. Moderator have to check most of the time for suspicious activity. I want some automation process that we can prevent from sharing the accounts.
spotlightsnap  2010-01-29 16:13:39

related questions

Remove Quotes and Commas from a String in MySQL
What's the best way of converting a mysql database to a sqlite one?
How do you manage databases in development, test, and production?
Multiple foreign keys?
Add 1 to a field (MySQL)
Issues using MS Access as a front-end to a MySQL database back-end?
Bigger than a char but smaller than a blob
How do I retrieve my MySQL username and password?
Long-time LAMP Developer moving to VB.NET
How do I Concatenate entire result sets in MySQL?
Full complete MySQL database replication? Ideas? What do people do?
SQL: Distribution of table in time
SQLite vs MySQL
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
Multiple Updates in MySQL
MySQL/Apache Error in PHP MySQL query
What all do I need to escape when sending a (My)SQL query?
Auto Generate Database Diagram MySQL
Mechanisms for tracking DB schema changes
How big can a MySQL database get before performance starts to degrade.
Python and MySQL
SQL Server 2005 implementation of MySQL REPLACE INTO?
How to export data from SQL Server 2005 to MySQL
Throw Error In MySQL Trigger
Binary Data in MySQL