I was trying to do subscription system which is only for registered user. Till registration stage, I am okie. But I don’t want user to share their username and password with others because of the paid content. How can i prevent ?
- Check with IP, but what if they are on dynamic IP ? Using proxy ?
- Store cookies can change ?
Can anyone please kindly suggest how can i prevent ? I know there’s no 100% bullet proof, but somehow, alittle bit tight security system.
Language will be with php, mysql, javascript.
I recommend heuristics based approach — if you detect something suspicious (eg. user connecting from many different IP-s) then you log this and this increments some counter in users’s record, if the counter grows big enough, then you get notification and decide what to do.
It won’t eliminate all cases of account sharing but hints you the problem users.