Question

I am wondering how big of a job it is to be able to do the following:

I want to have certain web pages on a site only accessible by specific computers. Of course, I can always provide usernames and passwords, but I want it restricted even further.

To illustrate:

  • I give User-A access to page-A.
  • I give User-A a username and password to access page-A.
  • User-A tries to share the username and password with a friend (User-B).
  • User-B tries to access page-A with User-A's credentials, but it does not work because User-B needs to be on User-A's computer to do so.

I know that this is possible to accomplish, since financial institutions employ this kind of security, but can I implement it on my own? If so, how?

--Edit--

Yani mentioned that filtering by IP would not be wise, since user IP addresses often change. My question now turns to the use of sessions or localstorage/webstorage to control access to certain webpages.

What local data would you need to pull? I would imagine that a database would be required to store computer data for future reference by the system.


Solution

IP addresses are, for most home users, temporary only. The ISP will change them every few weeks/months, unless the user has a static IP (which usually costs more).

In addition, a user can take his laptop to a coffee shop and immediately log in from a different IP.

Therefore, IP address filtering is a good idea only if you want to geo-block users (country, state, etc.), but, in my honest opinion, not a good idea for authenticating a user over a long period of time.

You may just need to implement a cookie/session/localStorage with JavaScript or a server-side technology such as PHP, which will be browser & computer specific.

Cookies + IP Address

Combining cookies/localStorage technology ALONG WITH IP address can actually be a good idea for having a 2nd level of security (i.e., when the IP changes, having an alert such as 'It seems you are logging in from a different IP address, please answer security question...').

Also - when a user logs in from a different browser but the same computer (and same IP), you can have an extra verification question.

You can even implement an IP address history, such as Gmail's.

However, if you had to choose only 1 of the methods - I'd definitely go with cookies/localStorage.

Examples of how to set and get local data in JavaScript.

With localStorage (HTML5):

localStorage.setItem('userAuthenticated', '1');
localStorage.getItem('userAuthenticated');

With cookies:

// Store a cookie that expires after exdays days.
function setCookie(cname, cvalue, exdays)
{
    var d = new Date();
    d.setTime(d.getTime() + (exdays*24*60*60*1000));
    // toUTCString() replaces the deprecated toGMTString()
    var expires = "expires=" + d.toUTCString();
    document.cookie = cname + "=" + cvalue + "; " + expires;
}

// Return the value of the named cookie, or "" if it is not set.
function getCookie(cname)
{
    var name = cname + "=";
    var ca = document.cookie.split(';');
    for (var i = 0; i < ca.length; i++)
    {
        var c = ca[i].trim();
        if (c.indexOf(name) == 0) return c.substring(name.length, c.length);
    }
    return "";
}

Hope this helps!
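
The following Node.js example is added here and is not part of the original answer: it runs the cookie plus IP check described above on the server, using a signed device token instead of a flag that the browser sets itself. The function names, the return values and the token format are assumptions made for the illustration.

```javascript
// Added example, Node.js server side; every name here is hypothetical.
const nodeCrypto = require('crypto');

// Assumption: a real deployment loads this secret from server configuration.
const SERVER_SECRET = nodeCrypto.randomBytes(32);

function sign(payload) {
  return nodeCrypto.createHmac('sha256', SERVER_SECRET).update(payload).digest('hex');
}

// Issued once a user has passed the extra verification on a new browser.
// Send it as a cookie marked HttpOnly and Secure so page scripts cannot read it.
// Assumption: user ids contain no '.' character.
function issueDeviceToken(userId) {
  const payload = userId + '.' + nodeCrypto.randomBytes(16).toString('hex');
  return payload + '.' + sign(payload);
}

// Returns the user id the token was issued for, or null if missing or altered.
function verifyDeviceToken(token) {
  if (typeof token !== 'string') return null;
  const cut = token.lastIndexOf('.');
  if (cut < 0) return null;
  const payload = token.slice(0, cut);
  const given = Buffer.from(token.slice(cut + 1));
  const expected = Buffer.from(sign(payload));
  if (given.length !== expected.length) return null;
  if (!nodeCrypto.timingSafeEqual(given, expected)) return null;
  return payload.split('.')[0];
}

// Runs after the username and password were checked; knownIps is the user's IP history.
function evaluateLogin(userId, deviceToken, ip, knownIps) {
  const owner = verifyDeviceToken(deviceToken);
  if (owner === null || owner !== userId) return 'verify-new-device';
  if (!knownIps.has(ip)) return 'verify-new-ip';
  return 'allow';
}

// Constructed sample values (documentation IP ranges).
const demoToken = issueDeviceToken('user-a');
const demoIps = new Set(['203.0.113.7']);
console.log(evaluateLogin('user-a', demoToken, '203.0.113.7', demoIps));
console.log(evaluateLogin('user-a', demoToken, '198.51.100.9', demoIps));
console.log(evaluateLogin('user-b', demoToken, '203.0.113.7', demoIps));
```

A token copied together with the cookie jar still verifies, which is why the IP history stays in the decision as the second signal.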

Other tips

You probably will need to use .htaccess to do this. Try this and see if it works for what you are trying to do.

.htaccess: how to restrict access to a single file by IP?

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow