Solved

Website - Restrict Login - One Machine

Posted on 2009-06-27
8
922 Views
Last Modified: 2013-12-23
We have a content management solution based on php. We have restricted multiple logins using sessions management. We would however want to introduce machine based logins.

How can this be done?

Thanks in advance.
0
Comment
Question by:achitaley
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 1

Expert Comment

by:geomouchet
ID: 24727727
You could create a php script to register a machine.  It would use setcookie() to save a cookie. Then when that user returns you use $_COOKIES to retrieve the cookie data.  This is how those "remember me" checkboxes work on various web sites.  Note, though that if the user changes browsers or deletes his cookies he will have to re-register that machine.
0
 
LVL 17

Expert Comment

by:nanharbison
ID: 24727729
You need to determine the IP address of the machines you want to restrict access to, and then use an if statement on the log in, for example
if ($_SERVER['REMOTE_ADDR']=='71.233.246.102')
{
   then do log in code
}

a fast way to detemine your machine IP addresses is go to those machines and go to the website:
http://whatismyipaddress.com/
0
 
LVL 1

Expert Comment

by:geomouchet
ID: 24727794
Using IP address only works if you know that all your users have static IP addresses.  Most users have to pay their ISP extra for that feature.  Company networks tend not to use static IPs because it becomes an administrative headache.
0
 
LVL 4

Expert Comment

by:termlimit
ID: 24732604
IP Address is not reliable, but at the same time is the only method (outside of grabbing a TCP/IP packet and reading the MAC address) to identify a client.  My bank uses a method such as this.  They do it by dropping the IP into a cookie.  If a user tries to login from a machine outside of their own (Same if IP changes from ISP) they are asked to re-identify themselves.  This is done with my bank through a text message to my phone with a special code that I then enter into the website.  You could do something similar to this for your situation.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:achitaley
ID: 24733863
Hello All,

Thanks for your responses till date.

I am looking forward to a more - hassle free - less administrative - machine identity based solution to identify my users through the web browser.

We cannot rely upon IP address... given the fact that IP is dynamically assigned. We were looking forward to restrict a login from one single machine only.

For this, we were contemplating a combination of solutions. For e.g... installing digital certificates on client machine + getting to know his machine's hardware part Info + Range of IP from where he's accessing ; coupled with his past logins = same customer and hence - login is permitted... kinda stuff.

How can I get to know any of his machine's info; let's say the harddisk, motherboard sr. no. etc. .from a web browser?

0
 
LVL 4

Accepted Solution

by:
termlimit earned 125 total points
ID: 24733942
The solution you are proposing is not going to be one that is guaranteed then.  If you allow a range of IP addresses, then technically a couple of machines could still logon.  The digital certificate is a good idea and is used in many places to verify identity.  This could be installed on multiple computers though.

Getting information about the user's computer is a bigger challenge since some users will come from Windows, Linux, Unix, Mac, or through multiple proxies.  If any of these happen most likely any software (which most likely would be done with something other than PHP) you run will break.  Possibly running a client side Java (not JavaScript) software, which can detect computer information would be a better solution than a PHP based system.  Or maybe develop the security applet in Java and have that communicate with PHP in real-time.

Remember any time you are going for absolute security it is hard to restrict access to one machine.  The bank that I have that does this sends a txt message to my phone when my IP address changes to verify me.  If you run software on the client machine it is susceptible to hacking and spoofing.  This holds true for IP verification, computer information validation, etc.

Hope this helps
0
 
LVL 1

Expert Comment

by:geomouchet
ID: 24740548
For some web servers, PHP will see the client certificate in $_SERVER.  You can give it a try.  Other information about the client PC, such as CPUID, is intentionally not returned to the web server for security reasons.

If security is that much of a concern in your application, identifying the computer may not be good enough.  Many users write their userids and passwords on post-it notes stuck to their monitor, or have a list of passwords in their top desk drawer.  Anyone who can walk up to such a computer will defeat your security.

Have you considered fingerprint ID or other biometric systems?  There are fingerprint systems that would allow you to store the login data in the fingerprint ID software.

A simpler solution would be to ask a personal question that only the user would know, i.e. the name of first pet, favorite high school teacher, etc.  
0
 

Author Closing Comment

by:achitaley
ID: 31597483
The information was pertinent. However, my requirement was not fully satisfied.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now