Question

I am wondering how big of a job it is to be able to do the following:

I want to have certain web pages on a site only accessible by specific computers. Of course, I can always provide usernames and passwords, but I want it restricted even further.

To illustrate:

  • I give User-A access to page-A.
  • I give User-A a username and password to access page-A.
  • User-A tries to share the username and password with a friend (User-B).
  • User-B tries to access page-A with User-A's credentials, but it does not work because User-B needs to be on User-A's computer to do so.

I know that this is possible to accomplish, since financial institutions employ this kind of security, but can I implement it on my own? If so, how?

--Edit--

Yani mentioned that filtering by IP would not be wise, since user IP addresses often change. My question now turns to the use of sessions or localstorage/webstorage to control access to certain webpages.

What local data would you need to pull? I would imagine that a database would be required to store computer data for future reference by the system.

Solution

IP addresses are, for most home users, temporary only. The ISP will change them every few weeks/months, unless the user has a static IP (which usually costs more).

In addition, a user can take his laptop to a coffee shop and immediately log in from a different IP.

Therefore, IP address filtering is a good idea only if you want to geo-block users (country, state, etc.), but, in my honest opinion, not a good idea for authenticating a user over a long period of time.

You may just need to implement a cookie/session/localStorage with JavaScript or a server-side technology such as PHP, which will be browser & computer specific.

Cookies + IP Address

Combining cookies/localStorage technology ALONG WITH IP address can actually be a good idea for having a 2nd level of security (i.e. when the IP changes, having an alert such as 'it seems you are logging in from a different IP address, please answer security question...').

Also, when a user logs in from a different browser but the same computer (and same IP), you can have an extra verification question.

You can even implement an IP address history, such as Gmail's.

However, if you had to choose only 1 of the methods - I'd definitely go with cookies/localStorage.

Examples of how to set and get local data in JavaScript.

With localStorage (HTML5):

localStorage.setItem('userAuthenticated', '1');
localStorage.getItem('userAuthenticated');

With cookies:

function setCookie(cname, cvalue, exdays)
{
  // Expire the cookie exdays days from now.
  var d = new Date();
  d.setTime(d.getTime() + (exdays*24*60*60*1000));
  // toUTCString() replaces the deprecated toGMTString().
  var expires = "expires=" + d.toUTCString();
  document.cookie = cname + "=" + cvalue + "; " + expires;
}

function getCookie(cname)
{
  // document.cookie is a single "name=value; name2=value2" string.
  var name = cname + "=";
  var ca = document.cookie.split(';');
  for (var i = 0; i < ca.length; i++)
  {
    var c = ca[i].trim();
    if (c.indexOf(name) == 0) return c.substring(name.length, c.length);
  }
  // Cookie not set.
  return "";
}

Hope this helps!
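
One way to do the server-side half of the cookie + IP scheme described above, as an added example that is not part of the original answer: the server issues a random per-device token at enrollment and stores only its hash, because a flag such as userAuthenticated=1 can be set by anyone in their own browser. It assumes Node.js; the device_id cookie name, the in-memory Map standing in for the database, and the function names are all hypothetical.

```javascript
// Added example, not from the original answer. Node.js standard library only.
const crypto = require('node:crypto');

// Constructed stand-in for the database table: username -> enrolled devices.
const enrolledDevices = new Map();

const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');

// Call after the user has passed full verification on a new computer/browser.
// Returns the Set-Cookie header value; only the token's hash is kept server-side.
function enrollDevice(username, ip) {
  const token = crypto.randomBytes(32).toString('hex');
  const devices = enrolledDevices.get(username) || [];
  devices.push({ tokenHash: sha256(token), lastIp: ip });
  enrolledDevices.set(username, devices);
  return `device_id=${token}; Max-Age=31536000; Path=/; Secure; HttpOnly; SameSite=Strict`;
}

// Pull device_id out of a raw Cookie request header.
function readDeviceToken(cookieHeader) {
  for (const part of (cookieHeader || '').split(';')) {
    const [name, ...rest] = part.trim().split('=');
    if (name === 'device_id') return rest.join('=');
  }
  return null;
}

// Call only after the password has been checked.
// 'allow'   : enrolled device, same IP as last time
// 'step-up' : enrolled device on a new IP, or no valid cookie but a known IP
//             (different browser, same computer): ask the security question
// 'deny'    : no valid cookie and an unknown IP (shared credentials elsewhere)
function checkDevice(username, cookieHeader, ip) {
  const devices = enrolledDevices.get(username) || [];
  const token = readDeviceToken(cookieHeader);
  const presented = Buffer.from(sha256(token || ''), 'hex');
  // Compare hashes in constant time; both buffers are always 32 bytes.
  const device = devices.find((d) =>
    crypto.timingSafeEqual(Buffer.from(d.tokenHash, 'hex'), presented));
  if (device) return device.lastIp === ip ? 'allow' : 'step-up';
  return devices.some((d) => d.lastIp === ip) ? 'step-up' : 'deny';
}
```

The cookie binds access to a browser profile rather than to hardware: a user who deliberately copies the cookie to another machine carries the enrollment along, which is where the IP check and the step-up question add value.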

OTHER TIPS

You probably will need to use .htaccess to do this. Try this and see if it works for what you are trying to do.

.htaccess: how to restrict access to a single file by IP?

Licensed under: CC-BY-SA with attribution