struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ashish Kulkarni <kulkarni_ash1...@yahoo.com>
Subject Re: [OT] Identify web user in intranet
Date Thu, 10 Feb 2005 15:06:29 GMT
Hi
thanx for the mail, here is my problem we have
machines installed on different floors of building,
and we have to design a web page which will give floor
plan and display it on that machine browser, so if the
machine is on 4th floor we want to display the plan of
fourth floor, if the machine had static ip address
then i would have a cross reference table and make it
work, but since there is dynamic IP address, i cannot
do this..
how can we handle this situation, 

Ashish
--- brenmcguire@tariffenet.it wrote:

> There is the MAC address, but only if you are
> connected to the same
> switch/hub. Otherwise, it will fail because the MAC
> address is usually the
> one of the default gateway.
> The big big problem is that almost everything can be
> spoofed. IP address
> can be spoofed (well at least the response never
> arrives...), MAC address
> can be spoofed, even cookies can be spoofed. In
> fact, before writing this
> email, I thought about setting a cookie on the
> client machine, but:
> 1) maybe the client sometimes deletes all of his
> cookies;
> 2) the cookie itself is insecure and can be spoofed.
> In SSH (the Secure SHell, that permits secure remote
> shells), both client
> and server have criptography and electronic
> signatures enabled, so that
> the server is sure that the legitimate owner of the
> private key is the one
> who is communicating. But not in HTTP or at least in
> normal HTTP.
> The SET technology, usually used in money
> transactions (but I have to say
> I never saw that in action!), gives a certificate to
> everyone: client,
> seller and bank.
> Anyway, these technologies identify THE PERSON and
> not THE MACHINE because
> you can simply copy certificates and key pairs on
> another machine (though
> usually, except of extreme cases of stupidity, the
> one which does such a
> thing is the legitimate owner).
> Maybe you can rely on the header of HTTP request, to
> see its OS,
> machine,etc. But again it can be spoofed.
> So I think the most viable way is to use SSL with a
> login phase
> (eventually with a cookie). To identify the agent,
> you should analyze the
> header of HTTP requests, hoping it is not spoofed,
> but only for view
> reasons (different page organizations, different
> colours, etc.) because
> relying on header of HTTP requests is pretty
> dangerous.
> I thought in this email that security is your main
> problem. But if you
> only want to display something different while a
> user is on a different
> machine, I think you should see Dimensions:
> http://mutidimensions.sourceforge.net/
> Hope it helps
> Antonio Petrelli
> 
> Ashish Kulkarni wrote:
> 
> >Hi
> >Is there any thing unique to identify the client
> >machine(desktop) other then IP address?
> >I have a situtation where in my intranet, i need to
> >identify the machine uniquely and do some
> processing,
> >But the problem is that we dont haev static IP
> >address, but dynamic IP address.
> >I want to display a particular screen if the user
> is
> >using a perticular computer or network node
> >
> >Ashish
> >
> 
> 
> 
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> user-unsubscribe@struts.apache.org
> For additional commands, e-mail:
> user-help@struts.apache.org
> 
> 



		
__________________________________ 
Do you Yahoo!? 
All your favorites on one personal page  Try My Yahoo!
http://my.yahoo.com 

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message