MAC address detection

[tataencu]

the fact is that i think we could get the MAC address through an activex control built in visual basic...i'll have to study more about this..but the other nastty thing is that i need to compare the mac with the one of the current computer without them accessing the website...to prevent .torrent files being stolen from users computers, because when you download from a torrent tracker using the torrent client it goes through announce.php and this is where i'll have to check the mac..but the thing is that announce.php is called from the torrent client and not the browser, fact that makes this a lot trickier...

[sdewis]

good idea but a LOT of people block activeX content nowadays, so you wouldn't get a MAC address back if that were the case.

[Neptune0z]

Honestly, I think you might be taking the wrong approach here...A good authentication system will require a user to provide two things:

Something you know, and something you have...

Authentication by using MAC addresses is a weak practice at best. This is simply because the MAC is easily spoofable. In addition, just like Tiger Shark pointed out, MAC addresses are not routeable over a WAN, your going to have to provide some form of 'wrapper' to make sure that information gets to the server.

I don't know the specifics about your setup, or how secure you plan on making your service, but I think something more along the lines of Public Key Infrastructure is what your looking for.
I'm sure you'll be able to find perl or PHP implementations of it if you google.

[tataencu]

the thing is that if you spoof your mac you can't get on the site you have to have the right mac in order to do that..so you first have to find the mac of the person that has the account