Image Verification Security
Posted on 2006-12-01
Hey, I've created an Image Verification class and I'm basically wondering if anybody knows how the larger companies store 'login attempts' and how they associate attempts with users.
Through my own testing I have determined the following:
1) Attempts are not stored in cookies or sessions
2) Attempts are not linked to the remote address
So just how do they know how many attempts I have had without storing my remote address or session id (or any other form of cookie related information)? I have examined the $_SERVER variables to try and determine if there's any kind of data that can be used to identify users, but I have failed to find any.
The only other theory that I can think of is that they combine a number of different pieces of data (creating a "fingerprint"), such as remote address mixed with the user's browser for instance, but that would be useless for a variety of corporations and educational centres that have networked computers sharing the same address and using the same browsers.
Please put me out of my misery :)