Suggestion What are some suggestions for improving security in the registration process?

  • Thread starter Thread starter cronxeh
  • Start date Start date
AI Thread Summary
Improving security in the registration process involves several key strategies. Monitoring registration numbers for anomalies can alert administrators to potential issues, while implementing CAPTCHA or similar verification methods enhances user authenticity. Additionally, checking registrants' IP addresses for proxies or duplicates can help prevent fraudulent registrations. However, limiting registrations to one IP may cause issues for users on shared networks, and changing field names in data submissions could thwart automated scripts. Overall, a multi-faceted approach is essential for strengthening registration security.
cronxeh
Gold Member
Messages
1,004
Reaction score
11
Well in light of recent events, it seems only prudent to add security to registration process, my suggestion are as follows:

1. Check to see if the number of current registrations is 2 standard deviations away from the average for daily number of registrations, and if it is then notify admin by sms email. The average and stdev could be calculated once every 24 hours and stored in the sql database to save computational time and add robustness to the algorithm

2. Add captcha or some sort of nonlinear image for verification purposes

3. Check each registrant's IP for anonymous proxy or whether the IP is a multiple of another registered account and deny any new registration to that IP, add option to delete all newly registered users with the same IP
 
Physics news on Phys.org
Thanks for your suggestions cronxeh. We are actively taking steps to strengthen our registration process.
 
If you make it one IP per registeration you may run into problems with people using the same networks i.e.. schools. Also isp's sometime recycle ips around.
 
I often wonder if just changing names of fields/variables passed through GET/POST won't make most scripts fail. I don't think they always analyze full page code, most likely it is just done once manually.
 

Thread 'Thank you to mentors, advisors and members'

I want to thank those members who interacted with me a couple of years ago in two Optics Forum threads. They were @Drakkith, @hutchphd, @Gleb1964, and @KAHR-Alpha. I had something I wanted the scientific community to know and slipped a new idea in against the rules. Thank you also to @berkeman for suggesting paths to meet with academia. Anyway, I finally got a paper on the same matter as discussed in those forum threads, the fat lens model, got it peer-reviewed, and IJRAP...
View full post »

Thread 'Thank you physics forums, 20 years later'

About 20 years ago, in my mid-30s (and with a BA in economics and a master's in business), I started taking night classes in physics hoping to eventually earn the science degree I'd always wanted but never pursued. I found physics forums and used it to ask questions I was unable to get answered from my textbooks or class lectures. Unfortunately, work and life got in the way and I never got further the freshman courses. Well, here it is 20 years later. I'm in my mid-50s now, and in a...
View full post »

Similar threads

Requesting suggestions for languages, libraries, and architectures for parallel (and sometimes non parallel) numerical and scientific computations
Replies
8
Views
4K
Anonimity: Time to take the internet back.
Replies
3
Views
4K

Hot Threads

Recent Insights

Back
Top