One other thing you could do is simply set up SSL with your own certificate so that it will encrypt the connection and then run code via JAVA or some other client side applet that will get the MAC address from the client machine directly. You can then check the MAC against the addresses allowed. Since the connection is encrypted nobody knows that that is what you are checking. Of course there is still a potential for someone that you previously allowed access to find out how you are identifying them and use it against you later on, but there are also problems with identifying someone by their computer unless they keep the computer locked in a closet while they are away. I guess it depends on what you are protecting. National secrets etc. By the way, open SSL with self signed certs is a free method but it is not a good idea if you are needing to verify your credentials to the person coming in.
Larry S. Brown Dimension Networks, Inc. (727) 723-8388 -----Original Message----- From: Leo Spalteholz [mailto:[EMAIL PROTECTED] Sent: Friday, February 21, 2003 12:59 AM To: [EMAIL PROTECTED] Subject: Re: [PHP] MAC address user recognition? On February 20, 2003 08:13 pm, Jason Sheets wrote: > MAC addresses are used for on a LAN and not the Internet. Using a > MAC address might work for identification on a LAN BUT in most > operating systems you can easily change the effective MAC address > on the card. Good call. I thought there was some fundemental problem I just couldn't remember enough from my networking class to put my finger on it. > It would probably be better to look for some other form of > identification like SSL certificates or a cookie with the secure > bit on so it will only be sent over an SSL connection. Yeah I'm not super concerned about security and such, this is only a personal page so something simple will do the job. I think I'll just end up hacking together my own encryption algorithm and then storing encrypted passwords in a cookie. Hehe. Security through obscurity, everyones favorite way :) Thanks, Leo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
