in reply to Referrer not good, but anything better?

Have your subscribers log in formally before downloading their updates. Use the basic authentication built into Apache, for example. Just set up the .htaccess (is that the right name?) file to allow your customers. They will get a pop-up to give their correct customer name, regardless of their IP address.

Re: Re: Referrer not good, but anything better?
by waswas-fng (Curate) on Dec 30, 2002 at 18:09 UTC
    Although this may seem like a solution, it is almost always not -- in his service model, the sites that are paying for his services will almost never want to pass user:pass info to him for their customers. Also, a single user:pass does not bode well for security, as third-party subscribers would be able to use one of the "services" the site is offering after canceling their account. If you look at sites that do this often, the 4 basic models used are:

    Transparent proxy / SSI (all requests come from subscribing sites)
    Referrer (auth is based on last URL)
    Temp user/ID per request (CGI on the services box grants a user/pass via CGI that allows user temporary access)
    Domain level cookie (middle site creates a DNS record for <service>.itsdomain.com that points to the subscribed service -- then creates a cookie in its domain for auth)


    -Waswas
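
A sketch of the "temp user/ID per request" model from the list above, added here as an illustration and not code from either poster. It assumes an HMAC-signed, expiring credential with one secret per subscribing site; the names `SITE_SECRETS`, `grant`, `verify` and the 300-second lifetime are hypothetical.

```python
import hashlib
import hmac
import time

# Constructed sample data: one secret per subscribing site, held on the
# services box. Deleting an entry cuts off a site that cancels its account.
SITE_SECRETS = {"site-a": b"constructed-secret-a", "site-b": b"constructed-secret-b"}
TTL_SECONDS = 300  # assumed lifetime of a temporary credential


def _sign(secret, site_id, user_id, expires):
    msg = f"{site_id}|{user_id}|{expires}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def grant(site_id, user_id, now=None):
    """Issue a temporary credential; assumes the calling site is already authenticated."""
    secret = SITE_SECRETS.get(site_id)
    if secret is None:
        raise PermissionError("unknown or cancelled subscriber site")
    if "|" in site_id or "|" in user_id:
        raise ValueError("field separator not allowed in identifiers")
    expires = int(time.time() if now is None else now) + TTL_SECONDS
    return f"{site_id}|{user_id}|{expires}|{_sign(secret, site_id, user_id, expires)}"


def verify(token, now=None):
    """Return (site_id, user_id) if the credential is valid, else None."""
    parts = token.split("|")
    if len(parts) != 4:
        return None
    site_id, user_id, expires_s, sig = parts
    secret = SITE_SECRETS.get(site_id)
    if secret is None or not (expires_s.isascii() and expires_s.isdigit()):
        return None
    expected = _sign(secret, site_id, user_id, int(expires_s))
    # Constant-time comparison so the check does not leak signature bytes.
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return None
    if int(time.time() if now is None else now) >= int(expires_s):
        return None
    return site_id, user_id
```

Because every credential is tied to one site's secret and a short expiry, a cancelled site loses access as soon as its entry is removed, which is the failure the single shared user:pass cannot avoid.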