"Jeff Cochran" <je*********@zi na.com> wrote in message
news:42******** *******@msnews. microsoft.com.. .
On Wed, 13 Apr 2005 14:03:53 -0400, "Victor" <bl***@blank.co m> wrote:
"Jeff Cochran" <je*********@zi na.com> wrote in message
news:42******* ********@msnews .microsoft.com. .. On Mon, 11 Apr 2005 15:37:38 -0400, "Victor" <bl***@blank.co m> wrote:
>
>"Curt_C [MVP]" <software_AT_da rkfalz.com> wrote in message
>news:OX******* ******@TK2MSFTN GP09.phx.gbl...
>> there is no guaranteed way of doing this...
>> Best you can do it get the users IP and do some geo-lookups but even
these >> aren't accurate, they will only get you a location for the users ISP
at >> best.....
>
>That's the old way.
>
>Most reverse DNSs now give you the domain not of the ISP, but of the
user's >internet connection location to the ISP, which then needs to be
decoded >(which is what I'm asking for) to give you the town.
Reverse DNS gets you whatever is entered in the in-addr.arpa reverse
domain for the zone. It may be an indicator of location, it may not.
Now, how do you get my country and town when I dial into a Canadian
ISP from here in the US?
Like I wrote, I get the location of the Canadian ISP connection (duh),
whichis exactly what I was telling you when I wrote that you get "the user's
internet connection to the ISP". Do you need me to explain that more
fullyto you?
I understand you, and your explanation. What I don't understand is
how the Canadian ISP location I dialed into equates in any way to
identifying me or my security access, since I only dialed the Canadian
number because my US ISP was busy for two hours straight.
For the situation you mention above... hmmm... O.K., I guess I'll have to
handle it by tracking some users with a persistent cookie.
in pseudoCode,
' So, when the user logs in the very first time,
IF GeoBytesLocatio n <> "undefined" , and other security stuff is valid,
THEN set persistant cookie and record browser ID
END IF
'On subsequent login,
IF the GeoBytesLocatio n is within xxx miles, and other security stuff is
valid,
THEN it's O.K., and set cookie
Log them in
ELSE 'it's outside of xxx miles
check if it's been X hours since login 'maybe they're travelling?
check if "Proxy Network" '(AOL, MSN, etc)
check for cookie
do other non-geographic security stuff
make decision if it's O.K.
END IF
This is going to depend upon other stuff as well, since some users delete
all their cookies on a regular basis.