Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 9 of 9
  1. #1
    Regular Coder
    Join Date
    Apr 2007
    Location
    Griffith. Australia
    Posts
    138
    Thanks
    4
    Thanked 4 Times in 4 Posts

    Question Unique Identification

    I am looking for a way to uniquely identify users of an extranet application i'm writing. It can't be based of the IP address because now days that changes more often than most people change their pants, it can't be a cookie because it needs to be persistent and cant be removed without running the terminal removal process. I was thinking something unique to the hardware of the PC and that wouldn't change. Before any of the privacy fans out there start abusing me as has been done in the past saying that I shouldn't be doing this, please take note that the browsers that are accessing the extranet application are company owned as are the computers and access should be restricted to authorised users. They need to be able to login once to a computer which they will always use and set persistent connection. Does anyone have any ideas.

  • #2
    New Coder
    Join Date
    Feb 2007
    Location
    NM. USA
    Posts
    10
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Hardware "fingerprints" are pretty common with desktop software. How are you planning on getting the information? You would have to have and ActiveX or other plugin to reach outside the "browser barrier". I am curioius to hear what you come up with because I have tried (unsuccesffully) to setup a similar system.


    _________________________
    "Insanity is hereditary - you get it from your children." Sam Levenson
    Web Development Company – Projects (Electronics Stock Photos for $1Compare Microstock agencies (Dreamstime, LuckyOliver & More))

  • #3
    ess
    ess is offline
    Regular Coder
    Join Date
    Oct 2006
    Location
    United Kingdom
    Posts
    866
    Thanks
    7
    Thanked 30 Times in 29 Posts
    If you are sure that all of your users are only using IE, then ActiveX is a good solution in this case.

    However, I would personally use Java with signed applets for extra security so that users are not restricted to using one technology only.

  • #4
    Super Moderator
    Join Date
    May 2002
    Location
    Perth Australia
    Posts
    4,106
    Thanks
    11
    Thanked 101 Times in 99 Posts
    access should be restricted to authorised users.
    users or computers ? what if Dave uses Sue's computer ? (he does that a lot I hear ) perhaps look at authentication against active directory/LDAP etc , in other words use the local network authentication rather than your own or a third party method.

    That way should you ever need to track down a user to a computer you can do that via the LDAP logs etc.
    resistance is...

    MVC is the current buzz in web application architectures. It comes from event-driven desktop application design and doesn't fit into web application design very well. But luckily nobody really knows what MVC means, so we can call our presentation layer separation mechanism MVC and move on. (Rasmus Lerdorf)

  • #5
    ess
    ess is offline
    Regular Coder
    Join Date
    Oct 2006
    Location
    United Kingdom
    Posts
    866
    Thanks
    7
    Thanked 30 Times in 29 Posts
    Quote Originally Posted by firepages View Post
    users or computers ? what if Dave uses Sue's computer ? (he does that a lot I hear ) perhaps look at authentication against active directory/LDAP etc , in other words use the local network authentication rather than your own or a third party method.

    That way should you ever need to track down a user to a computer you can do that via the LDAP logs etc.

    Very interesting observation there. What if the website is hosted on a system that does not support Active Directory?

  • #6
    Super Moderator
    Join Date
    May 2002
    Location
    Perth Australia
    Posts
    4,106
    Thanks
    11
    Thanked 101 Times in 99 Posts
    Quote Originally Posted by ess View Post
    Very interesting observation there. What if the website is hosted on a system that does not support Active Directory?
    I am assuming that there is some authentication already required to access the network whether that be a domain controller or simple NTLM/workgroup authentication, and if so then it may make sense to make use of that.

    If not then you still have the issue that mac addresses are not reliable because 1) they can be faked & 2) Dave and Sue as noted above.
    Edit: and 3) the initial problem of getting the mac address in the first place
    resistance is...

    MVC is the current buzz in web application architectures. It comes from event-driven desktop application design and doesn't fit into web application design very well. But luckily nobody really knows what MVC means, so we can call our presentation layer separation mechanism MVC and move on. (Rasmus Lerdorf)

  • #7
    Regular Coder meth's Avatar
    Join Date
    Jan 2003
    Posts
    262
    Thanks
    0
    Thanked 9 Times in 9 Posts
    Dave and Sue; always a problem. Have you come across SSL-Explorer before?
    I do Web Design, Brisbane based.
    More time spent in PHP/MySQL Web Development.
    And Search Engine Optimisation takes up the rest of it.

  • #8
    ess
    ess is offline
    Regular Coder
    Join Date
    Oct 2006
    Location
    United Kingdom
    Posts
    866
    Thanks
    7
    Thanked 30 Times in 29 Posts
    Good reference there meth.


  • #9
    Regular Coder
    Join Date
    Apr 2007
    Location
    Griffith. Australia
    Posts
    138
    Thanks
    4
    Thanked 4 Times in 4 Posts
    Thanks, guy's, those are all good suggestions. To address all concerns about Dave and Sue, access to the web portal isn't being made by the same users at the same computers, this type of software is being accessed by a variety of users on computers which are locked up when not in use. The point of this program is to allow certain terminals access to the web portal without requiring user-based authentication. Sorry if I didn't make that one clear before. What I was thinking I could do was use a signed Java applet to detect the computers MAC address and use that but I was wanting to know if there is a better solution. Not all the computers will be running IE, some of them will be running firefox as well so ActiveX's are out of the question.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •