I have an advertising web site I've developed that allows users to both view posted ads and enter freebie ads. I use this as an inducement for selling other things on my web site. I don't require any login or password. The site is open to the public, just like a newspaper is.
I do, of course, collect some basic vital statistics before a user can post an ad. Things like:
user name
telephone no.
town
zip code
email address
These are all required fields. (I do not require a street address because some users balk at having their phone number linked to their street address for security reasons, even tho it's only stored in my MySQL database.)
My question is, what would make a good set of authentication criteria before I would allow a user to edit their ad (should the need arise)? Here are some criteria I have thought about using to authenticate the user:
telephone no. But that's not much of a "primary key" because people move around, and somebody else can end up with your old phone no.
telephone no. + email address. Still not enough. The problem is, both of these can be optionally displayed with the user ads as contact information.
telephone no. + email address + user name. Well, that's much better, but still not bulletproof. Some prankster could still have that information and “edit” your ad for you. :evilgrin:
Even using the 5 fields above may not be enough, as I routinely display the user's town with their ad as a convenience to my viewers. I do this because people don't want to drive from, say, Seattle to Dallas for a mere garage sale (one of my ad categories). And if you have the town, the zip code is easily obtainable.
I don't want to seem paranoid here, but better safe than sorry. I cannot afford to take the risk of somebody maliciously editing someone else's advertisement, remote as that possibility may seem.
So, I've been exploring a few other ideas to supplement this authentication scheme. I could send the user a cookie, with some value from one of the listed fields in it, e.g. the phone no. And I could check for the presence of this cookie and its value before I allow them to edit an ad. No cookie OR wrong value = no edit. The only drawback to that scheme is, they would have to be at their home computer (or whatever computer they used when they posted their ad) to be able to edit it. Yep, always a tradeoff somewhere.
Another scheme might involve the old "secret question" idea. You would answer this question once, and only once, e.g., mother’s maiden name, and I would store the answer in a cookie. But this isn't any better than the above scheme. It just uses a different value.
As an alternative, I could store this answer to their secret question with their ad. That way, I could eliminate the cookie idea by using this field as part of the SQL query for retrieving their ad(s). But do I really want to waste a whole table column to do this? And they would have to supply the answer to the secret question for each ad. Otherwise, it’s back to using a cookie.
And yet another solution might be to have a separate table with the user’s vital stats stored in it, perhaps using the social security number as a connecting key to both tables. But how invasive can I get here before turning people off? Most people do not want to give out their Shosh number! Perhaps my question all boils down to this:
What is a bulletproof primary key I can use to authenticate someone, that is also not an invasion of their privacy? Telephone numbers will not work, for reasons already described. A birthday? No, that is not unique. So maybe the secret question idea is the best? Which leads me right back to the fork between using a cookie, or adding an extra field to the table.
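As an added example (this is not the poster's code, and the table layout, the sqlite in-memory stand-in for the MySQL table, and the PBKDF2 settings are all assumptions), here is the "store the secret answer with the ad" branch of the fork above, with two changes a practitioner would want: the answer is kept as a salted hash rather than as the plain value, so a dump of the ads table does not hand out every poster's answer, and the check is done by fetching the row by ad id and comparing in constant time rather than by putting the answer into the WHERE clause. The extra table columns are two small BLOBs per ad, and the poster supplies the answer once per ad, as the post describes.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed schema for this example; the poster's real MySQL table is not
# shown. The required fields from the post are mirrored, plus two columns
# that hold the salted hash of the per-ad secret answer.
SCHEMA = """
CREATE TABLE ads (
    id          INTEGER PRIMARY KEY,
    user_name   TEXT NOT NULL,
    phone       TEXT NOT NULL,
    town        TEXT NOT NULL,
    zip         TEXT NOT NULL,
    email       TEXT NOT NULL,
    body        TEXT NOT NULL,
    answer_salt BLOB NOT NULL,
    answer_hash BLOB NOT NULL
)
"""

PBKDF2_ROUNDS = 100_000  # assumption: tune to your server's CPU budget


def _normalize(answer: str) -> str:
    # "Smith", " smith " and "SMITH" should all unlock the same ad, so
    # collapse whitespace and case before hashing (and before checking).
    return " ".join(answer.split()).casefold()


def _hash_answer(answer: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac(
        "sha256", _normalize(answer).encode("utf-8"), salt, PBKDF2_ROUNDS
    )


def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def post_ad(conn, user_name, phone, town, zip_code, email, body, secret_answer) -> int:
    """Insert a new ad; the secret answer is stored only as salt + hash."""
    salt = os.urandom(16)           # fresh per ad, so equal answers hash differently
    digest = _hash_answer(secret_answer, salt)
    cur = conn.execute(
        "INSERT INTO ads (user_name, phone, town, zip, email, body, answer_salt, answer_hash)"
        " VALUES (?, ?, ?, ?, ?, ?, ?, ?)",
        (user_name, phone, town, zip_code, email, body, salt, digest),
    )
    conn.commit()
    return cur.lastrowid


def authorize_edit(conn, ad_id: int, secret_answer: str) -> bool:
    """True only if the supplied answer matches the hash stored with this ad."""
    row = conn.execute(
        "SELECT answer_salt, answer_hash FROM ads WHERE id = ?", (ad_id,)
    ).fetchone()
    if row is None:                 # unknown ad id: refuse, do not leak which
        return False
    salt, stored = row
    # Constant-time comparison so a wrong answer is not distinguishable by timing.
    return hmac.compare_digest(_hash_answer(secret_answer, salt), stored)


def edit_ad(conn, ad_id: int, secret_answer: str, new_body: str) -> bool:
    """Apply an edit only after the secret answer has been verified."""
    if not authorize_edit(conn, ad_id, secret_answer):
        return False
    conn.execute("UPDATE ads SET body = ? WHERE id = ?", (new_body, ad_id))
    conn.commit()
    return True


def get_body(conn, ad_id: int):
    row = conn.execute("SELECT body FROM ads WHERE id = ?", (ad_id,)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    # Constructed sample data, not real users.
    db = open_db()
    ad = post_ad(db, "jsmith", "555-0100", "Seattle", "98101",
                 "jsmith@example.com", "Garage sale Saturday 8am", "Smith")
    print(authorize_edit(db, ad, " SMITH "))   # True
    print(authorize_edit(db, ad, "Jones"))     # False
    print(edit_ad(db, ad, "smith", "Garage sale moved to Sunday"))  # True
```

Because the hash is salted, the answer cannot be used directly as a key in the SELECT; the lookup is by ad id, and the answer is checked afterwards. That is the price of not keeping the answer in the clear, and it also means the displayed fields (town, phone, email) never enter into the edit check at all.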
Well, those are just some of my thoughts. I'd appreciate any input from those of you who have been down this road before with authentication, and what works best, and what doesn't work.
Thanks in advance.