是否有可能限制PHP页面某些设备? [英] Is it possible to restrict PHP page to certain devices?
问题描述
我已经建立一个PHP的Web应用程序,我只希望我的妻子和我有机会获得太多。添加密码保护增加了不必要的用户一步 - 它是可以限制网页对某些设备(如iPhone手机我们,iPad和的MacBook),无论WIFI / 3G网络等
我不认为PHP可以判断MAC地址 - 那么有没有比密码保护
其他合适的方法?谢谢,
迈克
修改
一些进一步的信息,以帮助澄清:
服务器在Debian / Linux上运行(该RaspBMC旁枝Raspbian的是precise)。
我需要访问从任何地方,家庭和外出走动。
感谢
通过隐藏的安全?
从技术上讲,任何设备仍然可以访问应用程序,但它会采取一个',而'来做到这一点,特别是如果你强制睡眠(猜测的10位数字的简单组合将在有300+年的最大猜测时间1秒的睡眠,所以它pretty不可能有人能正确猜出它)。例如:
睡眠(1); //制止暴力
如果($ _ GET ['权威性'] == 'sdfjksahdkfjshadkjrfhwaoieua3487a3wt897dywydd39d87haw387d8a3hd7a8hd387wahd089afh980a3yfh983ahf398ahsdaf') {
//运行应用程序
}其他{
//抛出404
}
保存链接到应用程序的设备上你要访问它,像这样:
<$p$p><$c$c>http://www.applocation.com/app.php?auth=sdfjksahdkfjshadkjrfhwaoieua3487a3wt897dywydd39d87haw387d8a3hd7a8hd387wahd089afh980a3yfh983ahf398ahsdaf失去你的手机/平板电脑/任何设备,你有一个链接到应用程序和安全性立刻受到影响,但考虑到你不想下去密码路由,即会出现这种情况呢。
这将包括大部分的安全需求。这不是安全的,所以如果通过该人被窥探一个dodgey公共网络访问它,它的安全受到威胁。但是这取决于你如何安全需要它。如果你存储在网页上的银行资料/密码(这是一个可怕的想法反正),我个人甚至不考虑此选项; '以防万一'。但如果它是相当轻微东西,不管那么多了,这是绝对的罚款。这背后的主要思想是只是为了阻止人们意外地访问你不希望他们看到的东西。
此外,如果你认为也许有人已经发现了它,你可以更新AUTH字符串不同的东西反正。
I've build a PHP web application which I only want my wife and I to have access too. Adding password protection adds an unnecessary user step - is it possible to restrict the page to certain devices (e.g. our iPhones, iPad and MacBook) regardless of wifi / 3G network etc.
I don't think PHP can determine MAC address - so is there a suitable method other than password protection?
Thanks,
Mike
EDIT
Some further info to help clarify:
The server is running on Debian/Linux (The RaspBMC off-shoot of Raspbian to be precise).
I need access from anywhere, home and out and about.
Thanks
Security through obscurity?
Technically, any device could still access the application, although it would take a 'while' to do it, especially if you force a sleep (Guessing a simple combination of 10 digits would have a maximum guess time of 300+ years at a sleep of 1 second, so it's pretty unlikely someone could guess it correctly). For example:
sleep(1); // Deter brute force
if ($_GET['auth'] == 'sdfjksahdkfjshadkjrfhwaoieua3487a3wt897dywydd39d87haw387d8a3hd7a8hd387wahd089afh980a3yfh983ahf398ahsdaf') {
//run app
} else {
//throw 404
}
Save the link to the app on the devices you want to access it like so:
http://www.applocation.com/app.php?auth=sdfjksahdkfjshadkjrfhwaoieua3487a3wt897dywydd39d87haw387d8a3hd7a8hd387wahd089afh980a3yfh983ahf398ahsdaf
Lose your phone/tablet/whatever device you have a link to the app on, and security is immediately compromised, but considering you don't want to go down the password route, that would be the case anyway.
This will cover the majority of your security needs. It's not secure, so if accessed it via a dodgey public network which people were snooping on, it's security is compromised. However it depends how secure you need it to be. If you're storing bank details/passwords on a webpage (which is a terrible idea anyway), I personally wouldn't even consider this option; 'just in case'. Although if it's fairly minor stuff that doesn't matter that much, it's absolutely fine. The main idea behind this is just to stop people from accidentally accessing things you don't want them to see.
Besides, if you think that maybe someone has found it out, you can just update the auth string to something different anyway.
这篇关于是否有可能限制PHP页面某些设备?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
