kool_samule Posted November 5, 2010 Share Posted November 5, 2010 Hi Chaps, I have a PHP Application, hosted on IIS 7 Server. The Application needs to be secure for a customer (based in Germany). The problem I face is that the only security I have used is cookies. The customer, however does not want to use cookies, due to the difficulty of managing these cookies at their end. Their solution would be to use some sort of IP Address based security, where only access from certain IP Addresses would be permitted. The problem I see with this is that the customer has numerous different 'sites' across Germany, which would have their own servers and therefore different IP Addresses and in some cases, no server at all. So my questions are: 1. Is IP Address security a viable option? 2. Would the customer's request be a valid concern? 3. What would be the best practice of implementing the request? Many thanks Link to comment https://forums.phpfreaks.com/topic/217837-application-security/ Share on other sites More sharing options...
Yucky Posted November 5, 2010 Share Posted November 5, 2010 I'd strongly advise against such a security measure, if it can even be called that. It's a downright terrible idea unless it's implemented on top of a secure login system. If they continue to object to cookies, for whatever strange reason, I'd consider storing the session ID in the $_GET array (http://host.domain/page.php?sess=idhere) instead. Hardly perfect but it's better than their proposed solution. Link to comment https://forums.phpfreaks.com/topic/217837-application-security/#findComment-1130811 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.