[eluser]Mike Ryan[/eluser]
[quote author="drewbee" date="1218310770"]Correct. If money is concerned you will have to do that. In fact I wouldn't recommend it any other way. Then you just have to go to the issue of keeping the same user registering multiple accounts. Another step to deter the process, but better then non-registered at all.[/quote]
I would just like to second (well, third actually) this idea - if money is involved, you will *have* to get the users to register and then worry about multiple accounts. I can't think of a single way of reliably authenticating anonymous users over the web that couldn't be defeated with ten minutes worth of Perl.
Hashing the user-agent and IP will stop non-technical users from registering multiple times with the same browser but it would be trivial to circumvent this with a script, as the script defines what information is sent to server. It is essentially no more secure than blocking based on IP alone. It would slightly reduce the number of NAT users that get blocked, as long as they use different browsers.
Have you thought about opening the site in beta to test whatever system you decide on? I'm sure some people on the forum would be happy to try and bypass your system just for the fun of it. Although if they do find a way, they might not tell you until the site goes live and they "win" the competition ;-P
