Prev: [ANNOUNCEMENT] PHP_CompatInfo-1.8.0RC1 (beta) Released.
Next: [ANNOUNCEMENT] Net_UserAgent_Mobile_GPS-0.1.0 (alpha) Released.
From: "Hollenbeck, Dan" on 30 Jun 2008 13:49
Hi,

Has anyone successful deployed Auth with the advanced security features
enabled? If yes, did you have any false positives?

I have recently deployed a web application that uses Auth as the
authenication system. On initial deployment I turned on all of the
advanced security features, however I am now getting about 2% of my
users being logged out because the advanced security features detected a
security breach. I just spoke to one user whos ISP is ATT-Yahoo who was
constantly being logged out because her browser version appears to be
changing.

I am aware I can turn off specific advanced security features like this:

$a = new AuthExtended("DB", $options, "loginFunction");
$a->setAdvancedSecurity(array(
AUTH_ADV_IPCHECK => true,
AUTH_ADV_USERAGENT => false,
AUTH_ADV_CHALLENGE => true
));

Thanks, Dan

Dan
 | 
Pages: 1
Prev: [ANNOUNCEMENT] PHP_CompatInfo-1.8.0RC1 (beta) Released.
Next: [ANNOUNCEMENT] Net_UserAgent_Mobile_GPS-0.1.0 (alpha) Released.