I have to build a login in the website which will be bind to a system. e.g. A user can login only through the machine he has registered.
I will not be able to get the mac id or any other unique identifier through PHP which I can bind with that login. I have hosted the website on shared hosting, So I cannot install any new library. Standard libraries are available.
Let me know if there are best possible ways to do the same.
分享 There is no unique id of the machine, at all. MAC addresses don't transition network boundaries, IP addresses are not unique and volatile. Beyond that you only have what you get in the HTTP headers, which is not unique or permanent either.
The best you can do is set a non-expiring cookie on the machine with a unique id and depend on that; i.e. make your own id. That'll create problems when the user switches browsers or machines or just cleans the cookie storage though, so make sure you have a procedure in place for this case. Cookies may also be hijacked, so prepare a procedure for this case too and transact everything over SSL secured connections to minimize the likelihood of that occurring.
In short: everything depending on the physical machine of the user is problematic on the web, since the web is explicitly designed to be client-agnostic. Machine ids cannot be depended upon for security. Registering a machine using a unique cookie can be a useful part in strengthening traditional username/password security, but it's not a replacement.
The best is typically to base your security on traditional usernames/passwords (+ second factor authentication if possible), and use the unique cookie as additional tool. For example, every time the user logs in from an unknown machine, you require an email/SMS feedback loop to "register" the machine.
分享
