how about just not making the info public?
there really isn't any other reliable way to do it. whatever method you use to prevent people from spending more than 20 minutes on the search results page can be easily circumvented by the user just hitting Save in their browser and storing a local copy. IP limits are largely ineffective (IP's are not that hard to forge or just change every couple minutes if they have control over their local network). i once consulted on what basically was a large poll site and one of my tasks was to develop strategies to block people from voting multiple times. the straightforward approach of tracking IP addresses wouldn't cut it in the real world; what was eventually needed was some rough AI that would detect and flag input patterns that look suspicious (lots of the same vote coming in rapid succession or from similar/sequential IP addresses, etc). if they're determined, there's very little you can do without expending a huge effort.
is this data that the people listed added to your site or was it public data that you collected? have the people listed in the database consented to having their info listed?
what is your ultimate goal in blocking these people? is it to protect the people in the database from being called by insurance companies or are you somehow losing customers/revenue because they're only loading the pages once?
In reply to Re: Database Security
by thraxil
in thread Database Security
by mickie2000
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |