|
|
Posted by Colin McKinnon on 06/13/15 11:25
Optonline wrote:
> I dont know if this is the right group so here is my question. I have a
> MySQL database setup and I want to give certain people access to it but I
> only want them to access it from there computer so I know they haven't
> given access to friends. The only way I know is to record the ip address
> to MySQL database and compare at login but that's a problem if the user do
> not have a static ip. Is there something I can record in the database and
> compare from the user that never changes if so how?
>
Not really a PHP nor a MySQL question.
Of course it is possible - just not very practical. Browser fingerprinting
might provide some of the functionality - but is very far from a
complete/accurate solution. What you could try is:
1) only allow 1 concurrent login per user (if it's accessed via the
internet, you can't even assume that a user's IP address will be constant
throughout a session). You'll probably want to tie in the PHP session
expiry with the concurrency control.
2) if it's only running on a LAN, consider usig ident (available for MS too
- see the squid homepage).
3) use a one-time password, sent on request to the (registered) users email.
When they supply that token to a particular page on your site, drop a
long-lasting cookie on their browser which is required along with
conventional methods (username+password) to access the page. This can all
be packaged up in a single URL with a GET query.
HTH
C.
Navigation:
[Reply to this message]
|