Unique computer identification

Discussion in 'Web Design and Development' started by moonman239, May 30, 2013.

  1. moonman239 macrumors 68000

    Joined:
    Mar 27, 2009
    #1
    Let's say I want to create a Webpage, and for security reasons, I want to allow only certain computers to access all of the Webpage's content. I don't want to use cookies, as they're too easy to accidentally delete. I also don't want to use IP addresses, as those can change. I can't use MAC addresses, because the computer won't give my Website that information. What can I do?
     
  2. 960design, May 30, 2013
    Last edited: May 30, 2013

    960design macrumors 68030

    Joined:
    Apr 17, 2012
    Location:
    Destin, FL
    #2
    Read about sessions, they are pretty commonly used.

    You can also use WebSockets, AJAX, localStorage and tons more, but for your example I'd start with sessions and PHP.

    I'm not really sure of your application here, but I'll give you an example of something I use. I can send an email to someone with a unique ID; that ID is crazy long (3072-bit RSA key). That ID is good for a certain time period and uniquely identifies this user on my system. This keeps users from having to register for access, and I use it quite a bit for short-term access. If someone needs longer-term access, I have them create an account and use sessions to store a unique ID generated by their login. This ID is saved on the server and passed to each page so that I know who is doing what and where.

    Again, I'm really just guessing at what you need here and as you can see there are literally dozens of ways to do this.
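
Added example, not part of the original posts: one way to implement the time-limited emailed ID that post #2 describes, in PHP 7.1+. The function names, the in-memory `$store` array (standing in for a database table), the timestamps and the sample address are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers. $store stands in for a server-side table keyed by token hash.

/** Issue a token for $user; only its SHA-256 hash is kept on the server. */
function issueAccessToken(array &$store, string $user, int $ttlSeconds, int $now): string
{
    $token = bin2hex(random_bytes(32));          // 256 bits from the OS CSPRNG
    $store[hash('sha256', $token)] = [
        'user'    => $user,
        'expires' => $now + $ttlSeconds,
    ];
    return $token;                               // this value goes into the emailed link
}

/** Return the user a token belongs to, or null if it is malformed, unknown or expired. */
function verifyAccessToken(array &$store, string $token, int $now): ?string
{
    // Reject anything that is not exactly 64 lowercase hex characters.
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return null;
    }
    $key = hash('sha256', $token);
    $row = $store[$key] ?? null;
    if ($row === null) {
        return null;                             // never issued, or already purged
    }
    if ($now >= $row['expires']) {
        unset($store[$key]);                     // purge expired entries on sight
        return null;
    }
    return $row['user'];
}

// Constructed demo data: a fixed clock value and a made-up recipient.
$store = [];
$now   = 1369900000;
$token = issueAccessToken($store, 'guest@example.com', 3600, $now);

var_dump(verifyAccessToken($store, $token, $now + 60));          // inside the validity window
var_dump(verifyAccessToken($store, str_repeat('0', 64), $now));  // well-formed but never issued
var_dump(verifyAccessToken($store, $token, $now + 7200));        // after expiry
```

Storing only the hash means a leaked copy of the table does not reveal usable tokens, and passing the clock in as `$now` keeps the expiry logic easy to test.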
     
  3. SrWebDeveloper, May 30, 2013
    Last edited: May 31, 2013

    SrWebDeveloper macrumors 68000


    Joined:
    Dec 7, 2007
    Location:
    Alexandria, VA, USA
    #3
    I agree with the general concept expressed by 960media.

    A standardized approach is to generate a UUID (V4 or 5) or Microsoft compatible GUID. Both rely on PHP's uniqid() function which is a random based UUID generator but any security expert would warn you -- make sure you have a good random number generator on your server if you want to use it as a session ID. Example code below courtesy of http://www.php.net/manual/en/function.uniqid.php#94959

    First, the Microsoft GUID which is minimal protection but note in the code the many factors involved to help get a more unique value:

    PHP:
    <?php
    // Copied from a class; prefix with "public" when used as a method.
    function create_guid($namespace = '') {
        static $guid = '';
        $uid = uniqid("", true);
        // Mix request-specific values into the data that gets hashed.
        $data = $namespace;
        $data .= $_SERVER['REQUEST_TIME'];
        $data .= $_SERVER['HTTP_USER_AGENT'];
        $data .= $_SERVER['LOCAL_ADDR'];
        $data .= $_SERVER['LOCAL_PORT'];
        $data .= $_SERVER['REMOTE_ADDR'];
        $data .= $_SERVER['REMOTE_PORT'];
        $hash = strtoupper(hash('ripemd128', $uid . $guid . md5($data)));
        // Format the 32 hex digits as {8-4-4-4-12}.
        $guid = '{' .
                substr($hash,  0,  8) .
                '-' .
                substr($hash,  8,  4) .
                '-' .
                substr($hash, 12,  4) .
                '-' .
                substr($hash, 16,  4) .
                '-' .
                substr($hash, 20, 12) .
                '}';
        return $guid;
    }
    ?>
    Here is a function that generates a V4 UUID that will attempt to use a Linux-compatible random number generator on the server or gracefully fall back to a code-based generator for, say, Windows systems:

    PHP:
    <?php
    /**
     * @brief Generates a Universally Unique IDentifier, version 4.
     *
     * This function generates a truly random UUID. The built in CakePHP String::uuid() function
     * is not cryptographically secure. You should use this function instead.
     *
     * @see http://tools.ietf.org/html/rfc4122#section-4.4
     * @see http://en.wikipedia.org/wiki/UUID
     * @return string A UUID, made up of 32 hex digits and 4 hyphens.
     */
    function uuidSecure() {

        $pr_bits = null;
        $fp = @fopen('/dev/urandom', 'rb');
        if ($fp !== false) {
            $pr_bits .= @fread($fp, 16);
            @fclose($fp);
        } else {
            // If /dev/urandom isn't available (eg: in non-unix systems), use mt_rand().
            // Note: mt_rand() is not a cryptographically secure generator.
            $pr_bits = "";
            for ($cnt = 0; $cnt < 16; $cnt++) {
                $pr_bits .= chr(mt_rand(0, 255));
            }
        }

        $time_low = bin2hex(substr($pr_bits, 0, 4));
        $time_mid = bin2hex(substr($pr_bits, 4, 2));
        $time_hi_and_version = bin2hex(substr($pr_bits, 6, 2));
        $clock_seq_hi_and_reserved = bin2hex(substr($pr_bits, 8, 2));
        $node = bin2hex(substr($pr_bits, 10, 6));

        /**
         * Set the four most significant bits (bits 12 through 15) of the
         * time_hi_and_version field to the 4-bit version number from
         * Section 4.1.3.
         * @see http://tools.ietf.org/html/rfc4122#section-4.1.3
         */
        $time_hi_and_version = hexdec($time_hi_and_version);
        $time_hi_and_version = $time_hi_and_version >> 4;
        $time_hi_and_version = $time_hi_and_version | 0x4000;

        /**
         * Set the two most significant bits (bits 6 and 7) of the
         * clock_seq_hi_and_reserved to zero and one, respectively.
         */
        $clock_seq_hi_and_reserved = hexdec($clock_seq_hi_and_reserved);
        $clock_seq_hi_and_reserved = $clock_seq_hi_and_reserved >> 2;
        $clock_seq_hi_and_reserved = $clock_seq_hi_and_reserved | 0x8000;

        return sprintf('%08s-%04s-%04x-%04x-%012s',
            $time_low, $time_mid, $time_hi_and_version, $clock_seq_hi_and_reserved, $node);
    }
     
