Is there away I can use this module to prevent user from sharing their accounts. I want ONE member to be downloaded from only ONE physical location. If they change location they cannot download.
Is there a way to impliment such system?
thanks in advance.
tscbh
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Right now, I can prevent my members from sharing account by updating their ip address everytime they enter my website. This can be done by getting the some portions of the HOSTNAME of their registered IPADDRESS and compare it with the portions of the HOSTNAME of their current IPADDRESS. If they are match then I update the IP. If not, then they cannot be downloaded. This is how I prevent member even if they have dynamic IP.
I just want to give an example to clarify my system:
This method work quite nicely, however, users within the same ISP can still share their account.
I am not too much worry about this issue, but the main problem is sometimes, the hostname cannot be resolved. In that case, the ip is not updated, user cannot download and they keep annoying me.
Do you know any better way to prevent users sharing account? Is there a way I can set cookie on 1 machine and only allow that machine to download?
Any suggestion is appreciated,
tscbh
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Let's see... Biometrics (fingerprint/retina scan) would be one way. Synchronized passwords which change every minute is another (you give them a device which flashes the new password every minute) :-)
But seriously - there really isn't a reasonable way to keep people from sharing passwords. The trouble is that tcp/ip and html protocols aren't really set up for that level of security. They validate a user id and password, but there isn't any real way to determine if more than one person is using the same user id/password. That's part of the reason why software pirating is so prevalent.
I'm assuming you have a subscription service where user pay $x per month to download files (after all, if it were free there would be no reason to not sign up).
You could do some things like create a java program (not an applet) they have to download. Each program has its own serial number (which you provide) and an internally generated random number (which the program generates and saves the first run - and sends to you, also).
From then on they use this program to do the downloading; it sends the serial number and random number to you for verification. If they pass, they can download the file. A lot of work, I admit. But it's one reasonable way to handle the problem. The only weak point is the storing of the random number - but it could be encoded with the Windows (assuming they are all Windows users) system ID, for instance. A lot of work, but you could do it.
Maybe another way might be to just limit them to X files per month downloaded. Say they can get 10 files; if they use all 10 they can't get any more until next month. That should limit the sharing. Or instead of a monthly fee, charge for each download.
Of course, the other problem here is you can't stop them from sharing the files once they're downloaded.
But there really isn't a great way to do what you want within the designs of TCP/IP or HTTP authentication.
Jerry
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
There is no simple way I can think of to stop people from sharing account. The way you suggested above is great, however, many user will refuse to install anything into their system. And most of members don't even know how to use download manager. Even worse, they don't know how to right click and Save As... :)
I can force them to download say 10files/month, but I don't think they will be happy. I must find a way to prevent them from sharing. My current system is working fine, however, in some cases when the hostname cannot be resolved and their 1st and 2nd octect of their ip address mismatch they cannot download even though they are in the same isp.
If this occur I have to manually update the ip address for them, which really annoy me and my member because they paid for the service already.
But anyway, thanks for your suggestion Jerry.
tscbh
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Is there away I can use this module to prevent user from sharing their accounts. I want ONE member to be downloaded from only ONE physical location. If they change location they cannot download.
Is there a way to impliment such system?
thanks in advance.
tscbh
Not reliably.
You could use ip address, but dynamic addresses can change at any time. MAC addresses don't change, but we have no access to that.
Hi Jerry,
Right now, I can prevent my members from sharing account by updating their ip address everytime they enter my website. This can be done by getting the some portions of the HOSTNAME of their registered IPADDRESS and compare it with the portions of the HOSTNAME of their current IPADDRESS. If they are match then I update the IP. If not, then they cannot be downloaded. This is how I prevent member even if they have dynamic IP.
I just want to give an example to clarify my system:
[registered ip] host 12.216.145.214 >> 12-216-145-214.client.mchsi.com
[current ip] host 12.216.145.215 >> 12-216-145-215.client.mchsi.com
[client.mchsi.com] part is compared
This method work quite nicely, however, users within the same ISP can still share their account.
I am not too much worry about this issue, but the main problem is sometimes, the hostname cannot be resolved. In that case, the ip is not updated, user cannot download and they keep annoying me.
Do you know any better way to prevent users sharing account? Is there a way I can set cookie on 1 machine and only allow that machine to download?
Any suggestion is appreciated,
tscbh
Let's see... Biometrics (fingerprint/retina scan) would be one way. Synchronized passwords which change every minute is another (you give them a device which flashes the new password every minute) :-)
But seriously - there really isn't a reasonable way to keep people from sharing passwords. The trouble is that tcp/ip and html protocols aren't really set up for that level of security. They validate a user id and password, but there isn't any real way to determine if more than one person is using the same user id/password. That's part of the reason why software pirating is so prevalent.
I'm assuming you have a subscription service where user pay $x per month to download files (after all, if it were free there would be no reason to not sign up).
You could do some things like create a java program (not an applet) they have to download. Each program has its own serial number (which you provide) and an internally generated random number (which the program generates and saves the first run - and sends to you, also).
From then on they use this program to do the downloading; it sends the serial number and random number to you for verification. If they pass, they can download the file. A lot of work, I admit. But it's one reasonable way to handle the problem. The only weak point is the storing of the random number - but it could be encoded with the Windows (assuming they are all Windows users) system ID, for instance. A lot of work, but you could do it.
Maybe another way might be to just limit them to X files per month downloaded. Say they can get 10 files; if they use all 10 they can't get any more until next month. That should limit the sharing. Or instead of a monthly fee, charge for each download.
Of course, the other problem here is you can't stop them from sharing the files once they're downloaded.
But there really isn't a great way to do what you want within the designs of TCP/IP or HTTP authentication.
Jerry
You're right Jerry,
There is no simple way I can think of to stop people from sharing account. The way you suggested above is great, however, many user will refuse to install anything into their system. And most of members don't even know how to use download manager. Even worse, they don't know how to right click and Save As... :)
I can force them to download say 10files/month, but I don't think they will be happy. I must find a way to prevent them from sharing. My current system is working fine, however, in some cases when the hostname cannot be resolved and their 1st and 2nd octect of their ip address mismatch they cannot download even though they are in the same isp.
If this occur I have to manually update the ip address for them, which really annoy me and my member because they paid for the service already.
But anyway, thanks for your suggestion Jerry.
tscbh