On 2 Jun 2006, at 23:16, Spruell, Darren-Perot wrote: > Neither reasonable nor sensible from a security standpoint. > Authenticating > based on MAC addresses is like authenticating someone on the > pretense of > them wearing a blue shirt. It's not a strong authenenticator and it > can be > changed easily.
It's more of an identifier. I'm trying to use it to only allow one client per login/password, and I just figured MAC addresses would be more unique than an IP and easier to track between different sites. The login and password is still independent of the IP address. From thinking about it more, it's just simpler to track which IP address belongs to which login, and then when that user tries to login on a second client, the first one is barred access. This only allows one IP address per client. It does mean that the the IP tracking software needs to know a little more about the IP address that it created, and requires to be a bit more actively managed. Gaby -- Junkets for bunterish lickspittles since 1998! http://www.playr.co.uk/sudoku/ http://weblog.vanhegan.net/
