Restrict access PC wise ...
Moderator: General Moderators
Restrict access PC wise ...
hi all,
am developing a program for exchange company, there request is to make the website (program directory) accesseble only from certain pc's
so the employee cant log from home, and make un-wanted transfers ...etc
i dont know how to do it, but i know it is possible, because western union doing the same !! and they can restrict to telephone number (there program 100% an online page) i checked it ...
the idea here, (dont know if works) to give them a CD, with an EXE file, when they run the small application it creates a directory as example c:/tnt/locker/auth/system.txt, and to make my page reads the file, if it is not available it then dosent allow the access !!
is that possible or is there any ideas ??
thanks to all in advance ...
am developing a program for exchange company, there request is to make the website (program directory) accesseble only from certain pc's
so the employee cant log from home, and make un-wanted transfers ...etc
i dont know how to do it, but i know it is possible, because western union doing the same !! and they can restrict to telephone number (there program 100% an online page) i checked it ...
the idea here, (dont know if works) to give them a CD, with an EXE file, when they run the small application it creates a directory as example c:/tnt/locker/auth/system.txt, and to make my page reads the file, if it is not available it then dosent allow the access !!
is that possible or is there any ideas ??
thanks to all in advance ...
- Ambush Commander
- DevNet Master
- Posts: 3698
- Joined: Mon Oct 25, 2004 9:29 pm
- Location: New Jersey, US
I guess it is really hard, probably impossible, to establish a fail-safe authentification if you're not allowed to edit the htaccess files of the webserver.
If your company has a fixed IP for their internet connection, you could try to read the IP address, with $_SERVER[''REMOTE_ADDR''] but an attacker might fake this.
Looks like your company should think about at least a managed server with full administration webserver.
If your company has a fixed IP for their internet connection, you could try to read the IP address, with $_SERVER[''REMOTE_ADDR''] but an attacker might fake this.
Looks like your company should think about at least a managed server with full administration webserver.
Dunno, I am not a hacker ^^.Mordred wrote:How?theFool wrote:...read the IP address, with $_SERVER[''REMOTE_ADDR''] but an attacker might fake this.
IP spoofing would be possible then, but I cannot say how difficult it is to do so.
I haven't used Remote_addr before but maybe you can supress, fake it like HTTP_Referer but as I think about it now, I'll rather doubt it.
seems great idea,
can you please tell me more about it,
i need to know the following pelase if you can,
if i build online server, IIS
and enabled the php and mysql on it,
how to use the smatcard, and how to set it and ... etc ...
can you guide me or send me to a good DETAILED step by step tutorial
i think i can convence them to have there own host
thanks in advance ...
can you please tell me more about it,
i need to know the following pelase if you can,
if i build online server, IIS
and enabled the php and mysql on it,
how to use the smatcard, and how to set it and ... etc ...
can you guide me or send me to a good DETAILED step by step tutorial
i think i can convence them to have there own host
thanks in advance ...
http://www.belgium.be/zip/eid_authentic ... xy_nl.html
http://www.microsoft.com/belux/msdn/nl/ ... point.mspx
Just search the web for eID..
http://www.microsoft.com/belux/msdn/nl/ ... point.mspx
Just search the web for eID..