<p>Based on your comment</p>
<blockquote> <p>The sense of this requirement is to avoid users from registering in the application, paying for the membership and then giving the credentials of account to other people.</p> </blockquote>
<p>Either you go expensive and highly secure like <a href="http://www.rsa.com/node.aspx?id=1158" rel="nofollow noreferrer">RSA hardware authenticators</a></p>
<p>-or-</p>
<p>You change your business model and make it unattractive to share credentials. e.g. due to cost - I don't share my Apple or Amazon creds because I don't feel like paying for their purchases. Another is having a user community. Nobody shares their Flickr account because those photos are artistically theirs, and they don't want anyone mucking with their stuff for the sake of a few dollars. Sharing is dissuaded because it's a community, not just a repository.</p>
<p>But none of these things prevent users from sharing, but I'm sure it happens a lot less.</p>
<p>You otherwise restrict yourself to mechanisms that (attempt) to passively monitor abuse. Too many concurrent downloads, too many concurrent accesses, etc. If your users violate the t's and c's of your agreement then you suspend their account. But you would have to have very obvious offenders, because it's very easy to get this wrong. It's a model to be avoided if you can because you're always going to play catchup and there's always going to be someone who rips you off.</p>
<p>Nobody will sign up to a website if they need to buy an RSA device to access it. It's not a viable consumer solution.</p>
<hr>
<p>(Original answer) I think what you want to look at is using Client Certificate Authentication. Essentially your user installs a personal client certificate on their machine so that when they connect to your server, your server can verify that computer.</p>
<p>I'm not going to tell you it's easy, because it doesn't look like it. You may need to set up your own certificate server and quickly googling it, none of it is pretty.</p>
<p>Maybe, OS depending, there's a feature in there that you can create a certificate that is machine-specific, or one that can't be exported.</p>
<p>This sort of thing is usually for secure connections between servers, and not typically for what you want on the client side. This is going to be a helpdesk nightmare.</p>
<p>wiki <a href="http://en.wikipedia.org/wiki/Secure_Sockets_Layer" rel="nofollow noreferrer">Transport Layer Security</a> or windowsecurity.com <a href="http://www.windowsecurity.com/articles/Client-Certificate-Authentication-IIS6.html" rel="nofollow noreferrer">Using Client Certificate Authentication with IIS 6.0 Web Sites</a> or msdn <a href="http://msdn.microsoft.com/en-us/library/aa302408.aspx" rel="nofollow noreferrer">Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication</a></p>
<p>You could also go the route of using <a href="http://www.rsa.com/node.aspx?id=1158" rel="nofollow noreferrer">RSA hardware authenticators</a></p>
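<p>The passive monitoring mentioned in the answer above ("too many concurrent accesses"), sketched as an added example that is not part of the original answer: it computes, per account, the peak number of distinct client IPs with overlapping sessions and flags only accounts that reach a deliberately high threshold. The record layout, the function names and the <code>threshold</code> default are assumptions, and the session records are constructed sample data.</p>

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records: (account, client_ip, session_start, session_end).
SESSIONS = [
    ("alice", "192.0.2.10", "2024-01-05T09:00", "2024-01-05T10:30"),
    ("alice", "198.51.100.7", "2024-01-05T10:00", "2024-01-05T11:00"),
    ("bob", "192.0.2.20", "2024-01-05T09:00", "2024-01-05T10:00"),
    ("bob", "203.0.113.5", "2024-01-05T10:00", "2024-01-05T11:00"),
    ("carol", "192.0.2.30", "2024-01-05T20:00", "2024-01-05T22:00"),
    ("carol", "198.51.100.31", "2024-01-05T20:10", "2024-01-05T21:50"),
    ("carol", "203.0.113.32", "2024-01-05T20:15", "2024-01-05T21:00"),
    ("carol", "203.0.113.33", "2024-01-05T20:30", "2024-01-05T21:30"),
]


def peak_distinct_ips(sessions):
    """Per account, the largest number of distinct client IPs active at once."""
    events = defaultdict(list)
    for account, ip, start, end in sessions:
        events[account].append((datetime.fromisoformat(start), 1, ip))
        events[account].append((datetime.fromisoformat(end), -1, ip))
    peaks = {}
    for account, evs in events.items():
        open_by_ip = defaultdict(int)  # ip -> sessions currently open from it
        peak = 0
        # At equal timestamps process ends (-1) before starts (+1), so a
        # session that begins as another finishes is not counted as overlap.
        for _, delta, ip in sorted(evs, key=lambda e: (e[0], e[1])):
            open_by_ip[ip] += delta
            if open_by_ip[ip] == 0:
                del open_by_ip[ip]
            peak = max(peak, len(open_by_ip))
        peaks[account] = peak
    return peaks


def flag_for_review(sessions, threshold=3):
    """Accounts whose peak reaches the threshold (hypothetical default)."""
    peaks = peak_distinct_ips(sessions)
    return sorted(acct for acct, peak in peaks.items() if peak >= threshold)


if __name__ == "__main__":
    print(peak_distinct_ips(SESSIONS))
    print(flag_for_review(SESSIONS))
```

<p>With the default threshold, a user on a laptop and a phone at the same time (alice) or one who changes network between sessions (bob) is not flagged; lowering the threshold to 2 would flag alice as well, which is the kind of false positive the answer cautions about.</p>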
 
