Solved

Website - Restrict Login - One Machine

Posted on 2009-06-27
8
909 Views
Last Modified: 2013-12-23
We have a content management solution based on php. We have restricted multiple logins using sessions management. We would however want to introduce machine based logins.

How can this be done?

Thanks in advance.
0
Comment
Question by:achitaley
8 Comments
 
LVL 1

Expert Comment

by:geomouchet
ID: 24727727
You could create a PHP script to register a machine. It would use setcookie() to save a cookie. Then when that user returns you use $_COOKIE to retrieve the cookie data. This is how those "remember me" checkboxes work on various web sites. Note, though, that if the user changes browsers or deletes his cookies he will have to re-register that machine.
0
 
LVL 17

Expert Comment

by:nanharbison
ID: 24727729
You need to determine the IP address of the machines you want to restrict access to, and then use an if statement on the log in, for example:
if ($_SERVER['REMOTE_ADDR'] == '71.233.246.102')
{
    // do the log in code here
}

A fast way to determine your machine IP addresses is to go to those machines and go to the website:
http://whatismyipaddress.com/
0
 
LVL 1

Expert Comment

by:geomouchet
ID: 24727794
Using IP address only works if you know that all your users have static IP addresses.  Most users have to pay their ISP extra for that feature.  Company networks tend not to use static IPs because it becomes an administrative headache.
0
 
LVL 4

Expert Comment

by:termlimit
ID: 24732604
IP Address is not reliable, but at the same time is the only method (outside of grabbing a TCP/IP packet and reading the MAC address) to identify a client.  My bank uses a method such as this.  They do it by dropping the IP into a cookie.  If a user tries to login from a machine outside of their own (Same if IP changes from ISP) they are asked to re-identify themselves.  This is done with my bank through a text message to my phone with a special code that I then enter into the website.  You could do something similar to this for your situation.
0
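The registered-machine cookie and the "re-identify when it does not match" flow described in the comments above, as an added example that is not code from the thread or from the asker's CMS. The `DEVICE_KEY` environment variable, the cookie name, integer user ids and all function names are assumptions made for illustration.

```php
<?php
// Added example: signed "registered machine" cookie token.
// DEVICE_KEY, DEVICE_COOKIE and the function names are hypothetical.
const DEVICE_COOKIE = 'device_token';
const DEVICE_TTL = 2592000; // 30 days, in seconds

function deviceKey(): string
{
    // Assumption: a random secret of 32+ bytes supplied via the environment.
    $key = getenv('DEVICE_KEY');
    if ($key === false || strlen($key) < 32) {
        throw new RuntimeException('DEVICE_KEY is not configured');
    }
    return $key;
}

// Token layout: userId.deviceId.expiry.hmac (user ids assumed to be integers).
function issueDeviceToken(int $userId): string
{
    $payload = $userId . '.' . bin2hex(random_bytes(16)) . '.' . (time() + DEVICE_TTL);
    return $payload . '.' . hash_hmac('sha256', $payload, deviceKey());
}

// Returns the device id when the token is authentic, unexpired and issued to
// this user; null otherwise (missing, malformed, tampered, expired, other user).
function verifyDeviceToken($token, int $userId): ?string
{
    $parts = is_string($token) ? explode('.', $token) : [];
    if (count($parts) !== 4) {
        return null;
    }
    [$uid, $deviceId, $expiry, $mac] = $parts;
    $expected = hash_hmac('sha256', "$uid.$deviceId.$expiry", deviceKey());
    if (!hash_equals($expected, $mac) || $uid !== (string) $userId || (int) $expiry < time()) {
        return null;
    }
    return $deviceId;
}

// Login check: the cookie must verify AND match the single device id stored
// for the user. False means "ask the user to re-identify" (e.g. a texted code).
function isRegisteredMachine(int $userId, array $cookies, ?string $storedDeviceId): bool
{
    $deviceId = verifyDeviceToken($cookies[DEVICE_COOKIE] ?? '', $userId);
    return $deviceId !== null && $storedDeviceId !== null
        && hash_equals($storedDeviceId, $deviceId);
}
```

After the out-of-band check succeeds, send the result of `issueDeviceToken()` with setcookie() using the secure and httponly options, and store its device id (the second field) against the user. The token identifies a browser profile that holds the cookie, not the hardware, so it should be treated as one signal alongside the password rather than as proof of the machine.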

 

Author Comment

by:achitaley
ID: 24733863
Hello All,

Thanks for your responses till date.

I am looking forward to a more - hassle free - less administrative - machine identity based solution to identify my users through the web browser.

We cannot rely upon IP address... given the fact that IP is dynamically assigned. We were looking forward to restrict a login from one single machine only.

For this, we were contemplating a combination of solutions. For e.g... installing digital certificates on client machine + getting to know his machine's hardware part Info + Range of IP from where he's accessing ; coupled with his past logins = same customer and hence - login is permitted... kinda stuff.

How can I get to know any of his machine's info; let's say the hard disk, motherboard sr. no., etc., from a web browser?

0
 
LVL 4

Accepted Solution

by:
termlimit earned 125 total points
ID: 24733942
The solution you are proposing is not going to be one that is guaranteed then.  If you allow a range of IP addresses, then technically a couple of machines could still logon.  The digital certificate is a good idea and is used in many places to verify identity.  This could be installed on multiple computers though.

Getting information about the user's computer is a bigger challenge since some users will come from Windows, Linux, Unix, Mac, or through multiple proxies.  If any of these happen most likely any software (which most likely would be done with something other than PHP) you run will break.  Possibly running a client side Java (not JavaScript) software, which can detect computer information would be a better solution than a PHP based system.  Or maybe develop the security applet in Java and have that communicate with PHP in real-time.

Remember any time you are going for absolute security it is hard to restrict access to one machine.  The bank that I have that does this sends a txt message to my phone when my IP address changes to verify me.  If you run software on the client machine it is susceptible to hacking and spoofing.  This holds true for IP verification, computer information validation, etc.

Hope this helps
0
 
LVL 1

Expert Comment

by:geomouchet
ID: 24740548
For some web servers, PHP will see the client certificate in $_SERVER.  You can give it a try.  Other information about the client PC, such as CPUID, is intentionally not returned to the web server for security reasons.

If security is that much of a concern in your application, identifying the computer may not be good enough.  Many users write their userids and passwords on post-it notes stuck to their monitor, or have a list of passwords in their top desk drawer.  Anyone who can walk up to such a computer will defeat your security.

Have you considered fingerprint ID or other biometric systems?  There are fingerprint systems that would allow you to store the login data in the fingerprint ID software.

A simpler solution would be to ask a personal question that only the user would know, i.e. the name of first pet, favorite high school teacher, etc.  
0
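Reading the client certificate from `$_SERVER`, as mentioned in the comment above, shown as an added example that is not code from the thread. It assumes Apache with mod_ssl, client verification enabled (`SSLVerifyClient`) and `SSLOptions +StdEnvVars`, which is what populates the `SSL_CLIENT_*` variables; the function names and the sample values are constructed for illustration.

```php
<?php
// Added example: accept a login only when the TLS client certificate was
// verified by the web server and matches one enrolled for the user.
function clientCertIdentity(array $server): ?array
{
    // mod_ssl sets SSL_CLIENT_VERIFY to NONE, SUCCESS, GENEROUS or FAILED:reason.
    if (($server['SSL_CLIENT_VERIFY'] ?? 'NONE') !== 'SUCCESS') {
        return null;
    }
    $serial = $server['SSL_CLIENT_M_SERIAL'] ?? '';
    $issuer = $server['SSL_CLIENT_I_DN'] ?? '';
    if ($serial === '' || $issuer === '') {
        return null;
    }
    // A serial number is only unique per issuer, so keep both.
    return ['issuer' => $issuer, 'serial' => strtoupper($serial)];
}

// $enrolled: list of ['issuer' => ..., 'serial' => ...] stored for the user.
function certMatchesUser(array $server, array $enrolled): bool
{
    $presented = clientCertIdentity($server);
    if ($presented === null) {
        return false;
    }
    foreach ($enrolled as $cert) {
        if (hash_equals($cert['issuer'], $presented['issuer'])
            && hash_equals(strtoupper($cert['serial']), $presented['serial'])) {
            return true;
        }
    }
    return false;
}

// Constructed sample values, not taken from a real server.
$sampleServer = [
    'SSL_CLIENT_VERIFY'   => 'SUCCESS',
    'SSL_CLIENT_M_SERIAL' => '0a1b2c',
    'SSL_CLIENT_I_DN'     => 'CN=Example Internal CA,O=Example',
];
$enrolled = [['issuer' => 'CN=Example Internal CA,O=Example', 'serial' => '0A1B2C']];
var_dump(certMatchesUser($sampleServer, $enrolled)); // bool(true)
```

If TLS is terminated on a proxy or load balancer in front of PHP, these variables are not set by the PHP host, and certificate details forwarded in request headers are only trustworthy when the proxy strips any client-supplied copies.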
 

Author Closing Comment

by:achitaley
ID: 31597483
The information was pertinent. However, my requirement was not fully satisfied.
0
