SSL would maybe solve the security problem partly. But not protecting against evil scripts and injections on postings and PM's (like the "mouseover") etc. It would probably not be desireble to use SSL through every page that's being visited, since I'll guess it would slow down the server a lot. Could probably be used during the registration/login/edit account process, in order to not send ID and Passwords in clear text over the net. Storing and receiving hashed cookies would probably be better. That's why I would like to use the computer name baked into the hash as well.
And the IP? It all falls down that many users actually gets different IP number everytime they connect to the internet. So, the computer name would be the most static thing I could think of.
How would the local computer name be a greater security hole than the IP address since everything someone could do with a computer name, could also be done with the IP address.(?)
Enlighten this newbie plz! 🙂
Maybe I'm wrong, but... Doesn't e-mails contain headers which are telling the name of the sending computer? With that in mind, I thought this where available thru PHP as well.
Anyway... It seems that I have to rethink the whole structure I was working on. And a "Remember Login ID & Password" function would also pose a futher threat to the secrurity as well. :quiet:
If I only could find something unique about every computer, other than using the IP-number...