R
R
Roman Kutenko2011-10-16 11:15:37
PHP
Roman Kutenko, 2011-10-16 11:15:37

Is it possible to link authorization on the site to the workplace

Actually the task is as follows, there is a web site with an admin panel. Is it possible to restrict access to the admin panel from one workplace. For example, if the user comes home, he will no longer be able to access the admin panel. The site is developed in PHP. IP in the office are dynamic.

Answer the question

In order to leave comments, you need to log in

9 answer(s)
@
@greynix, 2011-10-16
_

IP is dynamic, but as a rule, the provider issues ip from a certain range. You only need to find out this block (for example, from the provider) and allow access from this range.

R
RuJet, 2011-10-17
@RuJet

You can configure access to the usb-token.
But here the implementation rests on money.

L
Lico, 2011-10-16
@Lico

Can I put a dyndns client with a specific domain in the office, and check in the admin panel whether the IP address of the authorizing person matches the one to which this domain responds?

S
Sergey Savostin, 2011-10-16
@savostin

If the admin wants, he will bypass any protection.
Options for different degrees of security:
1. Eternal cookie installed on the computer. You can peep which one and install it where you need it.
2. SSL certificate. You can copy and install wherever you want.
3. A certain program tied to hardware (does not run on another computer), which makes a request to the admin panel, forming a request in a certain way, in response receives a “secret” URL that is valid for some time and launches a browser with this URL

P
polevsl, 2011-10-16
@polevsl

As correctly indicated above, an experienced admin will bypass all options, this is 100%.
But if you need protection from users and have access to the computer on which the admin panel should be launched, you can try to organize a check for the presence of a specific file on the local machine.
docs.php.net/manual/en/function.fopen.php - via fopen, for example.
The file is not a cookie, which is different for different browsers, and the user can suddenly clean the disk.
Put it somewhere far away. Well, then at your discretion - you can check the contents of the file, except for its presence.
Such a thought.

A
anitspam, 2011-10-17
@anitspam

it seems that the organizational problem is solved by technical methods. not quite the right approach.
if work is important for employees, then you can fire a couple of people who are trying to work not as prescribed, so that others do not do so.

B
BReal, 2011-10-16
@BReal

In the /etc/hosts file, write the IP range

A
Anton_from_Amber, 2011-10-16
@Anton_from_Amber

Judging by the question, you have heightened paranoia. To all of the above (range of addresses, eternal cookies), control the time of work. That is, when the admin is at home after duty, the system does not let his account. Well, in addition, attach to the access system of your organization the control of entry and exit using magnetic cards: when a person leaves the building (room), block the acc.
And do not forget: a person can connect remote access to his machine and manage the admin panel without all sorts of workarounds, mocking your efforts ;-)

K
keltanas, 2011-10-16
@keltanas

1. Connect a permanent external IP to the organization's network;
2. Transfer the site to a server in the organization's network;
3. Set up access via apache only from the required computer.
4. You can make access to the admin panel only on port 443 through a certificate. And close it on the router from external access. Or set up a firewall on the server so that access to it (port) is only from LAN or from a specific machine in LAN.
Again, it is possible that a person can remotely log into his work machine and do whatever he wants with the site.
You can also come up with a scheme with a VPN ... You can write software that will be instead of an admin panel ... it all depends on how much you need to protect the site admin panel and how many resources the owner is ready to allocate for this)))

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question