-1

I have been searching the entire WWW for a week now to no avail.

Here's the scenario in bullet:

  • Application is web-based
  • Technologies are Java, struts2, Spring

Problem/Requirement:

When a user registers in our website, I must know if the user has already registered before (but is now using a different login id). Note that the system will not ask for any personal information from the user (e.g.: Real Name, Address, Birthday, etc.)

I've tried:

  • Limiting using IP address.. But IP addresses aren't fixed. They always changed.
  • I was planning to use MAC Address. Basically MAC address can be changed, but if I remember correctly, common users can not just changed their MAC address unless they really know what they are doing... in that case, it is okay.. although limitation using MAC address is not 100%, at least the common users do not know how to change their MAC address, so as of the moment, me and the client agreed to use the MAC address.. However, I do not know how to retrieve the MAC address of the client's computer/laptop... and as I searched further, it is impossible to do so..

So I wanna know if there's a certain trick to implement the said requirement... Note that the client just wants to prevent a HUGE number of users with multiple accounts in our website...

Can this be done? Note that I did not ask for this requirement, this is a client requirement and I am kinda at lost after few attempts so I want to ask experts if this is really possible.

Roman C
  • 49,761
  • 33
  • 66
  • 176
marcdkun19
  • 1
  • 2
  • IMO, Restricting per system would prevent multiple user ( actualy multiple users) from same machine. EamilId,FirstName,LastName,DOB should be enough to restrict one – Mani Jun 19 '14 at 21:01
  • Hi Mani.. I see your point, but the user account doesn't ask for those information... Actually, the scenario is that, the user will click a button to apply for a trial account.. The trial account is system generated, no personal information is asked.. However, the client wants to add in the logic of generating the trial account, means to check if the customer already applied before. (updated main question to add this condition) – marcdkun19 Jun 19 '14 at 21:11
  • No . you cannot / Should not get MAC address using javascript - http://stackoverflow.com/questions/3385/mac-addresses-in-javascript . Why dont you use cookies. I knew that users can clear the cookiees. Check this one http://stackoverflow.com/a/216599/2182351 – Mani Jun 20 '14 at 02:19
  • Read this also https://panopticlick.eff.org/browser-uniqueness.pdf – Mani Jun 20 '14 at 02:23
  • Ask for email address at least, and send download link in mail so you check it's a real address. Then blacklist all the temporary emails. This way people must register with a different, real email (and hence registering to email provider too) each time, making a little discouraging, and preventing a HUGE number of repeated users. Then combine this with cookies and other technique you may find. You won't reach safety, but at least you will gain "a bit more" safety. – Andrea Ligios Jun 20 '14 at 08:38

1 Answers1

-1

The best way that I can think to do this is to use a combination of information that you can easily collect through the user's browser. You can then store that on a database and use it to determine unique visitors. Here's what you can collect.

Computer brand, OS, and OS version Browser(firefox,safari,chrome etc..) Browser plug-ins (this is pretty good because most people have hundreds) Display information (screen size etc..)

This is pretty good as I believe only 1 in about 4 million people have the same browser plug-ins as I do.

a_river_in_canada
  • 301
  • 1
  • 10