Jump to content

Recommended Posts

Greetings,

I am a new member here, so please excuse if I've posted this in the wrong area.  And while I searched for this topic I hope I'm not repeating something you've already covered...

I'm in the early planning stages of a project which will be written almost entirely using php to interface with a mysql database on a hosted server.  It will be critical that data be entered only from known sources.  In other words, its not enough that Mary is able to authenticate with user name and password, we also want to be sure that she is using a machine that is known to the system, not from home or elsewhere.

Although I have a lot of experience coding in php there's nothing popping into mind as a good way to accomplish this.  Ideas?
Link to comment
https://forums.phpfreaks.com/topic/29839-authentication-of-both-user-and-computer/
Share on other sites

the IP address is generally the way that springs to mind. other than that, setting up something in the initial instance in the way of a cookie (a random generated hash that gets stored both in the DB and on their comp). sure, its not perfect, but otherwise there arent too many surefire ways to make sure that someone is on the same machine. if its a private system and not so much a website, then the $_COOKIE method is good. provide the user with a link to set up the cookie in the first instance, and voila.
  • 4 weeks later...
Ive made a system similar to this before. To ensure users could only login from certain computers I wrote a simple visual basic application that I installed only on the computers I wanted to allow access. This program ran in the background and was discreet.

This lil visual basic application updated a mysql table every x minutes with the computers current ip address. The php script would then check that the login is coming from a certain computer by checking the ip's. Its ideal for if the ip changes often too.
[quote author=AJReading link=topic=117760.msg496332#msg496332 date=1167854034]
Ive made a system similar to this before. To ensure users could only login from certain computers I wrote a simple visual basic application that I installed only on the computers I wanted to allow access. This program ran in the background and was discreet.

This lil visual basic application updated a mysql table every x minutes with the computers current ip address. The php script would then check that the login is coming from a certain computer by checking the ip's. Its ideal for if the ip changes often too.
[/quote]

Just out of curiousity:

How do you handle shared ip's?
How do you get the right update interval; how can access be granted if the IP has changed before the update was sent?

I must say I like the idea of having a identifyer that is unavailable to other sites the user visits, but I still see some small issues.

Just thought of this: how is this going to prevent session hijacking? If the user visits a malicous website, the IP will be available and can be easily spoofed... :-\
My bank has a Java applet for their online banking service that handles logins. On my computer I have a key (and in my mind I got a password). Without the key on the computer I only have read access, but if the key is present I am able to make transactions etc.

I suppose you could do something similar, but I don't know how you would check if the key is there, and how to check that the user don't copy the key to another computer
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.