[drupal-devel] Securing Login: MD5 password
hashing using javascript
Pat Collins
pat at linuxcolumbus.com
Tue Nov 8 17:50:35 UTC 2005
On Tue, 8 Nov 2005 19:45:53 +0200, Adrian Rossouw <adrian at bryght.com> wrote :
> > True, but not everybody can use ssl/tls. What about some kind of
> > authentication checking where the site would keep track of where
> > you have
> > logged in from and upon detection of a change would prompt you with a
> > question that only you would know or send you an email that you
> > would have
> > to respond to before you could gain access?
> Like certain ISP's that change the ip of the user with ever request ?
>
> 'where you have logged in from' is mostly impossible to determine.
>
They may change their IP, but that IP can be tied to who owns that block.
Pat
More information about the development
mailing list