php security IP logging?

R

Ratchetr

New member
It's a poor way to do security, but it might work OK in a very limited area.
User name/Password authentication is usually better.

You are assuming you are limited to users who are given static IP addresses. Works OK in a small, isolated network. But what happens if more and more people want to use your site? It's the coolest thing since sliced bread, so I want to access it from home too, using my VPN account?

You're also assuming that users can't change their IP address. Only works if you are absolutely sure that every users machine is locked down enough that they don't have permission to change their static IP. Otherwise, I just figure out what the bosses IP address is, go in and change mine, and...voila!

And of course it falls in a heap if you need to connect it to the wild, wild internety.

Bottom line: You could make it work, but it won't scale if you are successful. Plan for success.
 
Now my networking skills are limited shall we say but here is my question. As a strong method of security would it be possible for the following.

Save a persons IP into a file.

I know PHP can read files and how to read them I also know PHP can get a persons IP so here is my question.

Could I save a person IP then when a person visiting a certain page their IP is captured and compared to the file if it doesn't match they get redirected if it does they can stay obviously to go along with this we set the allowed computers IP to static. I was wondering thats all as a method of security for an admin page. I don't know if IP's can be duplicated with different sub masks you see if they can this is flawed but then again can you also store things like the sub mask etc.
 
You're contemplating making an admin page without a password? Also, working on the basis of IP is very flawed. If your site gets big and you need more admins, what will you do then? If you know somebody really trustworthy and they want to help you but they're on AOL what will you do then?

If your site has Cpanel, You can password protect a folder in a matter of minutes. As long as you use a secure password and have a good antivirus on your own computer (to prevent keylogging) thats all you're likely to need for now
 
You're contemplating making an admin page without a password? Also, working on the basis of IP is very flawed. If your site gets big and you need more admins, what will you do then? If you know somebody really trustworthy and they want to help you but they're on AOL what will you do then?

If your site has Cpanel, You can password protect a folder in a matter of minutes. As long as you use a secure password and have a good antivirus on your own computer (to prevent keylogging) thats all you're likely to need for now
 
It's a poor way to do security, but it might work OK in a very limited area.
User name/Password authentication is usually better.

You are assuming you are limited to users who are given static IP addresses. Works OK in a small, isolated network. But what happens if more and more people want to use your site? It's the coolest thing since sliced bread, so I want to access it from home too, using my VPN account?

You're also assuming that users can't change their IP address. Only works if you are absolutely sure that every users machine is locked down enough that they don't have permission to change their static IP. Otherwise, I just figure out what the bosses IP address is, go in and change mine, and...voila!

And of course it falls in a heap if you need to connect it to the wild, wild internety.

Bottom line: You could make it work, but it won't scale if you are successful. Plan for success.
 
Back
Top