iis security: WebSite Machine Registration -- iis security

You're in the

iis security

group:

WebSite Machine Registration

WebSite Machine Registration

Jim
11/19/2007 3:56:02 PM

iis security:

I apologize if I'm posting this in the wrong group but since I don't
know the answer to my question, I have no idea where it should be
posted. I have seen several banking websites that are able to
determine that I'm connecting from different machines. The websites
register each one asking extra security questions before allowing the
new machine to be used with the website. I have deleted all temporary
internet files and all cookies as a test and the website still knows
my machine has been previously registered. So information stored in

Re: WebSite Machine Registration

David Wang
11/19/2007 7:29:38 PM

[quoted text, click to view]

Since you are having problems with the banking websites themselves, I
suggest contacting their support personel on how to accomplish your
task.

I assume you want official answers and not random "informed" hearsay.

//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang

Re: WebSite Machine Registration

Jim
11/20/2007 7:32:21 AM

[quoted text, click to view]

I'm sorry my post was not clear. I am not having any problems with
any banking websites. I only listed them as examples. I am trying to
develop a similar behavior and I have no clue how they do it. They
have no access to the machines 'innards' (i.e. serial numbers of
hardware, operating system guids, etc.) and I've verified that they
are not using cookies.

I assume a bank will politely blow me off if I call and say "Hi, I'm
not having any problems with your website but can you explain exactly
how you implement your security?" It is not their business to teach
me how to develop websites but I assume someone knows how to implement

Re: WebSite Machine Registration

Tom [Pepper] Willett
11/20/2007 11:05:45 AM

Sounds more like a web development/coding/browser issue, not IIS.

: I'm sorry my post was not clear. I am not having any problems with
: any banking websites. I only listed them as examples. I am trying to
: develop a similar behavior and I have no clue how they do it. They
: have no access to the machines 'innards' (i.e. serial numbers of
: hardware, operating system guids, etc.) and I've verified that they
: are not using cookies.
:
: I assume a bank will politely blow me off if I call and say "Hi, I'm
: not having any problems with your website but can you explain exactly
: how you implement your security?" It is not their business to teach
: me how to develop websites but I assume someone knows how to implement
: similar functionality.

Re: WebSite Machine Registration

Jim
11/20/2007 11:42:45 AM

On Nov 20, 11:05 am, "Tom [Pepper] Willett"
[quoted text, click to view]
As I originally said, I have no idea where I should post this. What

Re: WebSite Machine Registration

David Wang
11/20/2007 7:17:55 PM

[quoted text, click to view]

If I wanted to solve this problem, I would think about it like this:

In order for a system to recognize that a computer has been
registered, it must store some that information state *somewhere*.
From an implementation perspective, that state is often stored on the
accessing client system in the form of a cookie, but that's not the
only way to implement it. Maybe the state is stored on the server, in
the form of a MAC address of the network card or the IP of the
requesting client.

But that's just my thoughts on how to explain the observation and
solve the problem.

//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang

Got something to say? Click here to post a reply to this thread.

Don't see what you're looking for? Try a search.

View other messages in the iis security group.

View Other Months
June 2003
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008

home · blog · groups

Questions? Comments? Contact the dn