Thanks for the replies.
Just to put people's "mind at ease" (that I am not some huge, bloated, "impersonal" corporate "evil empire").
I have a small business that uses UBB's private forum to dispense (for a annual fee), information.
Much of this information is proprietary (high valued intellectual property).
Here's what some of the subscribers say about the service I provide:
"Thanks Paul, love your modeling work, I see it... you have gone the extra mile as always."
"Outstanding stuff. It's obvious that you put an tremendous effort into this stuff. You've got controlled fusion and the other guys are still rubbing sticks together. We tried the IW drills out last night and again a bit this morning."
"Worth the price of admission yet again !"
"So much for so little... As I recall you were supposed to be in a certain state of mind to veiw this stuff. I wouldn't know, I never inhaled either...."
The UBB private forum setup offers virtually no protection.
So all I am looking to do is protect both myself and my customers (who have enough faith in me to spend their hard earned money).
And be able to provide better product because I do not fear that others are taking advantage of me and my customers.
I am not a programmer.
Thus my coming here.
But here's what I have figured out.
I can do everything from and to the UBB User Log In page.
"All I need" is the ability of the UBB Log In page to compute the seed and send it (in the form of embedded ActiveX within"?" the HTML page that the UBB Perl script produces).
And to use the same seed to compute the 'matching' encrypted password to compare to the forum password from the user (running the same seed-encryption on his computer).
The user can only create his password using a "key disk" (running an encrypted "encryption" application program which calculates the Forum Password from the UBB supplied seed. Supposedly this "key disk" "cannot" be duplicated. And if so desired can be "locked" to that specific computer.
The seed changes everytime a user requests the private forum log in page (random generator in program/scripts that produces the UBB User Log In page).
Producing a short lived cookie is only so that the user does not have to go through the same log in procedure if he momentary leaves the Private Forum and then returns.
The whole purpose of this exercise is to make sure that only the authorized computer/user is accessing the private forum.
Again, I am no programmer.
But from what I have seen of the the hacks that people produce, I can't imagine that what I am asking is that difficult for someone with an intimate knowledge of UBB's inner workings (maybe I am wrong, that's why I am here to find out
).
I would be very willing to contract (pay) someone for their services to provide a solution to my problem.
Thanks again for your help.
