Where did you learn your skills?

[Katja]

A guid has about 340,280,000,000,000,000,000,000,000,000,000,000,000 possible combinations so if a couple of dozens are stored in a database to indicate the permanently banned members there would still be enough combinations left. Then again, any GUID would be valid as long as it's not in the database.

The cookie would still identify a banned person after they've logged out of AO. If they then log in with a different account without clearing or modifying their cookie then you just provide them an error page, making it appear as if something went wrong. But in the meantime, this new or second account would be marked to be blocked too. And the third, fourth or even more, if the banned person forgets to clear his cookie. (Just don't clear cookies when a person logs out.)

It's not a perfect protection but it's an additional layer that they will have to discover to bypass it.

[bballad]

Katja: Again theproblem is that you are putting your "security" device on the system of the person you want to keep out. This may keep out the casual nusance but what is in place will do that. Not only will your scheam not keep out anyone that we are truly worried about, it would tend to cause the mods to rely on it so when the mechanisim is defeated (at trivial thing to do considering the cookie is on the attackers computer and they can get as many as they want for analysis) no one would be aware of it.

My guess is you are still in school and rather young, you need to learn how to fallow a solution out to its logical conclusion good and bad. You also need to accept that not only are you not the smartest one around, the people you are tryign to counter are as cleaver if not more cleaver then you are.

[Katja]

No, thing is... You put some minor part of the security on the client side. Of course, expect it to be bypassed sooner or later. But it keeps out the casual nuisances. As I said before, it wouldn't take much code to add the code required for this but if it keeps out only 10% of all nuicances then it's still worth it.
And of course you'd implement this on top of some security system. Don't replace your security with this method. Just add it to the layers of protection. All it takes is one field in the cookie and one list of banned GUID's on the server. And of course your regular security system, of course.

And yeah, I am young and innocent but I've learned to rely on more than just one security system. I live in Amsterdam. If you don't have three or more locks on your bike and lock it to a lantarn post or other big, solid object, you'll have to walk home when you leave it there for half an hour or so... My bike has something similar to this cookie. Of course the regular lock and two chain locks which keep it reasonable safe. But in the steering wheel there's also a small lock that prevents you from steering if you don't unlock it. And it's that lock that saved my bike from getting stolen one day, even! Someone had cut off the chainlocks, partly demolished the regular lock and then discovered the steering to be locked.

The additional layer of security might be just enough to discourage a thief/hacker/nuisance. But again, it's an addition, not a replacement.

[dalek]

What was it someone once said "Locks were designed to keep the honest people out" Used to be you could leave your front door unlocked, (Some places in NFLD still do) because you trusted your neighbours, not so today. Point, isn't putting more locks or restrictions in place considered by some to be a sort of a "dare".

Isn't that how the Hacker/Cracker communities began, by experimenting,testing to see if they could get behind those dastardly security protocols, and the more you made tight the screws in front, the more of a gap it created in the back.

Safe crackers probably took more pleasure in beating the combinations of the safe, then actually spending the money taken.