in reply to Identifying clients

Use SSL/TLS and use client certificates. Issue new users a cert with installation instructions for their web browsers and your web server can be configured to identify them for you. More - you can even lose the need to explicitly 'login' if you want - it can be handled by the SSL/TLS handshake. If you don't want to fork out the money for certs from a retail cert authority, use openssl to generate your own 'CA' and certificates for free.

A little Googling will tell you how.
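As an added example (not from the original post or from PerlMonks), here is the server-side half of what the post describes: a Perl CGI that takes the identity from the client certificate only after mod_ssl reports a successful verification, so no separate login form is needed. The user table, the CA name and the Apache directives quoted in the comment are assumptions for the example.

```perl
#!/usr/bin/perl
# Identify the caller from the client certificate that Apache/mod_ssl
# has already validated during the TLS handshake.
# Assumed mod_ssl configuration (adjust paths and names to your site):
#   SSLVerifyClient require
#   SSLCACertificateFile /etc/ssl/my-ca.crt   # the CA you made with openssl
#   SSLOptions +StdEnvVars
# With +StdEnvVars the SSL_CLIENT_* variables are exported to CGI scripts.
use strict;
use warnings;

# Hypothetical user table, keyed by the certificate's Common Name.
my %users = (
    alice => { role => 'admin' },
    bob   => { role => 'reader' },
);

# Subject of our private CA (assumption; must match the CA you generated).
my $OUR_CA = 'CN=Example Internal CA';

# Returns the verified CN, or undef when the client cert is not acceptable.
sub client_cn {
    my (%env) = @_;
    # Trust the DN only when mod_ssl verified the full chain. With
    # SSLVerifyClient optional_no_ca this can be 'GENEROUS' or 'FAILED:...'.
    return undef unless ($env{SSL_CLIENT_VERIFY} || '') eq 'SUCCESS';
    # Defence in depth: the cert must be issued by our CA, not by any other
    # CA that happens to be in the server's trust store.
    return undef unless ($env{SSL_CLIENT_I_DN} || '') =~ /\Q$OUR_CA\E/;
    my $cn = $env{SSL_CLIENT_S_DN_CN};
    # Restrict the CN to a safe character set before using it as a key.
    return undef unless defined $cn && $cn =~ /^[A-Za-z0-9._-]+$/;
    return $cn;
}

my $cn = client_cn(%ENV);
print "Content-Type: text/plain\r\n";
if (defined $cn && exists $users{$cn}) {
    print "\r\nHello $cn (role: $users{$cn}{role})\n";
} else {
    print "Status: 403 Forbidden\r\n\r\nNo acceptable client certificate\n";
}
```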

Re: Wrong layer
by Firefly258 (Beadle) on Dec 09, 2006 at 18:33 UTC
    A problem with this strategy is that a client is restricted from using your service from a single machine and a single user account on that machine unless user profiles are truly distributable across many machines, but again the access is limited to those infrastructures that maintain roaming profiles. It nevertheless is the most secure strategy but at a cost that makes it quite infeasible to deploy in the real world.


    perl -e '$,=$",$_=(split/\W/,$^X)[y[eval]]]+--$_],print+just,another,split,hack'er