Posted by Steve on April 30, 2003 at 09:37:45:
Hi Forum Owner,
You really need a better mechanism for banning. Here, let me give you one. Currently, you put a cookie on a user's system to say that they are banned. While that works, if the user has a brain in their head, they'll simply delete the cookie. Presumably, you're using a list somewhere to decide which people to ban. Why not just check that list on the server side rather than relying on a cookie. In this manner, you can match the IP address/name combination to ban the individual permanently. My only recourse, then, would be to either change my IP address (which I could do) or change my username (which I could also do - though then Steve would lose power).
Anyway, with all the many ways you could be doing it, I suggest you don't use the cookie method (at least not how you're doing it), because it's incredibly easily thwarted, especially by those of us who 'design missiles for a living'. Perhaps the average rock-head won't figure it out, but since all of the anti-moo are one person, a person who a) makes $7K/day, b) designs missiles, c) owns several martial arts schools, and d) is capable of having the persona of some ~20-50 individuals and posting with each, you have little chance of thwarting me (err...us).