|
Home > Archive > IIS Server Security > November 2007 > WebSite Machine Registration
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
WebSite Machine Registration
|
|
|
| I apologize if I'm posting this in the wrong group but since I don't
know the answer to my question, I have no idea where it should be
posted. I have seen several banking websites that are able to
determine that I'm connecting from different machines. The websites
register each one asking extra security questions before allowing the
new machine to be used with the website. I have deleted all temporary
internet files and all cookies as a test and the website still knows
my machine has been previously registered. So information stored in
cookies is not the answer. Does anyone know how this is done?
| |
| David Wang 2007-11-20, 1:36 am |
| On Nov 19, 3:56 pm, Jim <jbutts07042...@hotmail.com> wrote:
> I apologize if I'm posting this in the wrong group but since I don't
> know the answer to my question, I have no idea where it should be
> posted. I have seen several banking websites that are able to
> determine that I'm connecting from different machines. The websites
> register each one asking extra security questions before allowing the
> new machine to be used with the website. I have deleted all temporary
> internet files and all cookies as a test and the website still knows
> my machine has been previously registered. So information stored in
> cookies is not the answer. Does anyone know how this is done?
Since you are having problems with the banking websites themselves, I
suggest contacting their support personel on how to accomplish your
task.
I assume you want official answers and not random "informed" hearsay.
//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//
| |
|
| On Nov 19, 9:29 pm, David Wang <w3.4...@gmail.com> wrote:
> On Nov 19, 3:56 pm, Jim <jbutts07042...@hotmail.com> wrote:
>
>
> Since you are having problems with the banking websites themselves, I
> suggest contacting their support personel on how to accomplish your
> task.
>
> I assume you want official answers and not random "informed" hearsay.
>
> //Davidhttp://w3-4u.blogspot.comhttp://blogs.msdn.com/David.Wang
> //
I'm sorry my post was not clear. I am not having any problems with
any banking websites. I only listed them as examples. I am trying to
develop a similar behavior and I have no clue how they do it. They
have no access to the machines 'innards' (i.e. serial numbers of
hardware, operating system guids, etc.) and I've verified that they
are not using cookies.
I assume a bank will politely blow me off if I call and say "Hi, I'm
not having any problems with your website but can you explain exactly
how you implement your security?" It is not their business to teach
me how to develop websites but I assume someone knows how to implement
similar functionality.
| |
| Tom [Pepper] Willett 2007-11-20, 1:25 pm |
| Sounds more like a web development/coding/browser issue, not IIS.
: I'm sorry my post was not clear. I am not having any problems with
: any banking websites. I only listed them as examples. I am trying to
: develop a similar behavior and I have no clue how they do it. They
: have no access to the machines 'innards' (i.e. serial numbers of
: hardware, operating system guids, etc.) and I've verified that they
: are not using cookies.
:
: I assume a bank will politely blow me off if I call and say "Hi, I'm
: not having any problems with your website but can you explain exactly
: how you implement your security?" It is not their business to teach
: me how to develop websites but I assume someone knows how to implement
: similar functionality.
| |
|
| On Nov 20, 11:05 am, "Tom [Pepper] Willett"
<t...@youreadaisyifyoudo.com> wrote:
> Sounds more like a web development/coding/browser issue, not IIS.
>
As I originally said, I have no idea where I should post this. What
groups handle web development/coding/browser issues?
| |
| David Wang 2007-11-21, 2:12 am |
| On Nov 20, 11:42 am, Jim <jbutts07042...@hotmail.com> wrote:
> On Nov 20, 11:05 am, "Tom [Pepper] Willett"<t...@youreadaisyifyoudo.com> wrote:
>
> As I originally said, I have no idea where I should post this. What
> groups handle web development/coding/browser issues?
If I wanted to solve this problem, I would think about it like this:
In order for a system to recognize that a computer has been
registered, it must store some that information state *somewhere*.
From an implementation perspective, that state is often stored on the
accessing client system in the form of a cookie, but that's not the
only way to implement it. Maybe the state is stored on the server, in
the form of a MAC address of the network card or the IP of the
requesting client.
But that's just my thoughts on how to explain the observation and
solve the problem.
//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//
|
|
|
|
|