-
June 6th, 2006, 07:04 PM
#1
Junior Member
MAC address detection
I am running a torrent tracker and would like to make my users accounts safer...so i would like to make an account acessible from only 1 pc and i'd like to make this using the MAC address or CPU-ID...could it be done using PHP or any other language that could be implemented in a website? If so which is the language and how could i do this?
-
June 6th, 2006, 10:04 PM
#2
Junior Member
Scince your dealing with a web site for authintication - no - MAC address isnt one of the SERVER VARIABLES available to you. Maybe make the MAC address a part of the login. Show them how to obtain the MAC and use it to authinticate. But if they write it down and take it to another pc this idea wont work. (hoping no one can remember a MAC address)..
-
June 6th, 2006, 10:14 PM
#3
Junior Member
the thing is that the user isn't supposed to enter the mac....i have to get the mac in order to check it when somebody starts their torrent client so i can compare it to the one in the database....so i have to do this automatically....would an activex component solve my problem? if yes...how do i build it...maybe a few outlines or smth to start from....
-
June 6th, 2006, 10:20 PM
#4
You're not going to get the MAC address of the remote machine from the packets themselves. The packets will show the MAC address of the last router the packet passed through.
You could do it with some script or something I'm sure... But I have never used torrents so I don't know how they work.
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
June 6th, 2006, 10:40 PM
#5
Junior Member
it;s basic php...if it can be done in php it can be done to a torrent...so...is it do-able in php?
-
June 6th, 2006, 10:42 PM
#6
Junior Member
here is an idea - durring account creation - take the unix time of the new account - store it and a MD5 version of the unix time into the regiser database. create a cookie on the client with the MD5 key. Now - there is now way that the hacker can hack this because he dont know the exact unix time of creation.
upon future logins - query the MD5 from the cookie and unix time from database and see if match - if not - hacking has happened. Ill have to think on this one more....sounds fool proof.
-
June 6th, 2006, 10:44 PM
#7
Junior Member
and what if the user hits "clear cookies" button...sounds like he won't be able to login anymore
-
June 6th, 2006, 10:49 PM
#8
Junior Member
i posted more on my blog - <a href="http://2advent.com:81/ViewComments.php?blogid=131">http://2advent.com:81/ViewComments.php?blogid=131</a>
-
June 6th, 2006, 10:56 PM
#9
Junior Member
i think i'll have to say it once again...what if the user reinstalls windows or deletes cookies....wouldn't he be unable to login from that point?
-
June 7th, 2006, 02:50 PM
#10
Junior Member
In the case of cookies being cleared, there could be a 2nd factor authentication process on the web server, say, having a button saying "Request new cookie", then asking for your first pet's and mother's maiden name.
Just my 2p's worth
Sean
If a packet falls in an empty network, - does it make any noise?
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|