Let's say I want to create a Webpage, and for security reasons, I want to allow only certain computers to access all of the Webpage's content. I don't want to use cookies, as they're too easy to accidentally delete. I also don't want to use IP addresses, as those can change. I can't use MAC addresses, because the computer won't give my Website that information. What can I do?
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Unique computer identification
- Thread starter moonman239
- Start date
- Sort by reaction score
Read about sessions, they are pretty commonly used.
You can also use websockets, ajax and localstorage and tons more; but for your example I'd start with sessions and php.
I'm not really sure of your application here, but I'll give you an example of something I use. I can send an email to someone with a unique id, that ID is crazy long ( 3072-bit RSA key ). That ID is good for a certain time period and uniquely identifies this user on my system. This keeps users from having to register for access and I use it quite a bit for short term access. If someone needs longer term access I have them create an account and use sessions to store a unique ID generated by their login. This ID is saved on the server and passed to each page so that I know who is doing what and where.
Again, I'm really just guessing at what you need here and as you can see there are literally dozens of ways to do this.
You can also use websockets, ajax and localstorage and tons more; but for your example I'd start with sessions and php.
I'm not really sure of your application here, but I'll give you an example of something I use. I can send an email to someone with a unique id, that ID is crazy long ( 3072-bit RSA key ). That ID is good for a certain time period and uniquely identifies this user on my system. This keeps users from having to register for access and I use it quite a bit for short term access. If someone needs longer term access I have them create an account and use sessions to store a unique ID generated by their login. This ID is saved on the server and passed to each page so that I know who is doing what and where.
Again, I'm really just guessing at what you need here and as you can see there are literally dozens of ways to do this.
Last edited:
I agree with the general concept expressed by 960media.
A standardized approach is to generate a UUID (V4 or 5) or Microsoft compatible GUID. Both rely on PHP's uniqid() function which is a random based UUID generator but any security expert would warn you -- make sure you have a good random number generator on your server if you want to use it as a session ID. Example code below courtesy of http://www.php.net/manual/en/function.uniqid.php#94959
First, the Microsoft GUID which is minimal protection but note in the code the many factors involved to help get a more unique value:
Here is a function that generates a V4 UUID that will attempt to use a Linux compatible random number generator on the server or gracefully falls back to a code based generator for, say, Windows systems:
A standardized approach is to generate a UUID (V4 or 5) or Microsoft compatible GUID. Both rely on PHP's uniqid() function which is a random based UUID generator but any security expert would warn you -- make sure you have a good random number generator on your server if you want to use it as a session ID. Example code below courtesy of http://www.php.net/manual/en/function.uniqid.php#94959
First, the Microsoft GUID which is minimal protection but note in the code the many factors involved to help get a more unique value:
PHP:
<?php
public function create_guid($namespace = '') {
static $guid = '';
$uid = uniqid("", true);
$data = $namespace;
$data .= $_SERVER['REQUEST_TIME'];
$data .= $_SERVER['HTTP_USER_AGENT'];
$data .= $_SERVER['LOCAL_ADDR'];
$data .= $_SERVER['LOCAL_PORT'];
$data .= $_SERVER['REMOTE_ADDR'];
$data .= $_SERVER['REMOTE_PORT'];
$hash = strtoupper(hash('ripemd128', $uid . $guid . md5($data)));
$guid = '{' .
substr($hash, 0, 8) .
'-' .
substr($hash, 8, 4) .
'-' .
substr($hash, 12, 4) .
'-' .
substr($hash, 16, 4) .
'-' .
substr($hash, 20, 12) .
'}';
return $guid;
}
?>Here is a function that generates a V4 UUID that will attempt to use a Linux compatible random number generator on the server or gracefully falls back to a code based generator for, say, Windows systems:
PHP:
<?php
/**
* @brief Generates a Universally Unique IDentifier, version 4.
*
* This function generates a truly random UUID. The built in CakePHP String::uuid() function
* is not cryptographically secure. You should uses this function instead.
*
* @see http://tools.ietf.org/html/rfc4122#section-4.4
* @see http://en.wikipedia.org/wiki/UUID
* @return string A UUID, made up of 32 hex digits and 4 hyphens.
*/
function uuidSecure() {
$pr_bits = null;
$fp = @fopen('/dev/urandom','rb');
if ($fp !== false) {
$pr_bits .= @fread($fp, 16);
@fclose($fp);
} else {
// If /dev/urandom isn't available (eg: in non-unix systems), use mt_rand().
$pr_bits = "";
for($cnt=0; $cnt < 16; $cnt++){
$pr_bits .= chr(mt_rand(0, 255));
}
}
$time_low = bin2hex(substr($pr_bits,0, 4));
$time_mid = bin2hex(substr($pr_bits,4, 2));
$time_hi_and_version = bin2hex(substr($pr_bits,6, 2));
$clock_seq_hi_and_reserved = bin2hex(substr($pr_bits,8, 2));
$node = bin2hex(substr($pr_bits,10, 6));
/**
* Set the four most significant bits (bits 12 through 15) of the
* time_hi_and_version field to the 4-bit version number from
* Section 4.1.3.
* @see http://tools.ietf.org/html/rfc4122#section-4.1.3
*/
$time_hi_and_version = hexdec($time_hi_and_version);
$time_hi_and_version = $time_hi_and_version >> 4;
$time_hi_and_version = $time_hi_and_version | 0x4000;
/**
* Set the two most significant bits (bits 6 and 7) of the
* clock_seq_hi_and_reserved to zero and one, respectively.
*/
$clock_seq_hi_and_reserved = hexdec($clock_seq_hi_and_reserved);
$clock_seq_hi_and_reserved = $clock_seq_hi_and_reserved >> 2;
$clock_seq_hi_and_reserved = $clock_seq_hi_and_reserved | 0x8000;
return sprintf('%08s-%04s-%04x-%04x-%012s',
$time_low, $time_mid, $time_hi_and_version, $clock_seq_hi_and_reserved, $node);
}
Last edited: