You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by br...@tariffenet.it on 2005/02/10 09:08:46 UTC
Re: [OT] Identify web user in intranet
There is the MAC address, but only if you are connected to the same
switch/hub. Otherwise, it will fail because the MAC address is usually the
one of the default gateway.
The big big problem is that almost everything can be spoofed. IP address
can be spoofed (well at least the response never arrives...), MAC address
can be spoofed, even cookies can be spoofed. In fact, before writing this
email, I thought about setting a cookie on the client machine, but:
1) maybe the client sometimes deletes all of his cookies;
2) the cookie itself is insecure and can be spoofed.
In SSH (the Secure SHell, that permits secure remote shells), both client
and server have criptography and electronic signatures enabled, so that
the server is sure that the legitimate owner of the private key is the one
who is communicating. But not in HTTP or at least in normal HTTP.
The SET technology, usually used in money transactions (but I have to say
I never saw that in action!), gives a certificate to everyone: client,
seller and bank.
Anyway, these technologies identify THE PERSON and not THE MACHINE because
you can simply copy certificates and key pairs on another machine (though
usually, except of extreme cases of stupidity, the one which does such a
thing is the legitimate owner).
Maybe you can rely on the header of HTTP request, to see its OS,
machine,etc. But again it can be spoofed.
So I think the most viable way is to use SSL with a login phase
(eventually with a cookie). To identify the agent, you should analyze the
header of HTTP requests, hoping it is not spoofed, but only for view
reasons (different page organizations, different colours, etc.) because
relying on header of HTTP requests is pretty dangerous.
I thought in this email that security is your main problem. But if you
only want to display something different while a user is on a different
machine, I think you should see Dimensions:
http://mutidimensions.sourceforge.net/
Hope it helps
Antonio Petrelli
Ashish Kulkarni wrote:
>Hi
>Is there any thing unique to identify the client
>machine(desktop) other then IP address?
>I have a situtation where in my intranet, i need to
>identify the machine uniquely and do some processing,
>But the problem is that we dont haev static IP
>address, but dynamic IP address.
>I want to display a particular screen if the user is
>using a perticular computer or network node
>
>Ashish
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: [OT] Identify web user in intranet
Posted by Ashish Kulkarni <ku...@yahoo.com>.
Hi
This is not the exact requirement to display floor
plan, i have production line in factory and the worker
needs to know his production plan for that, and he is
not allowed to touch the screen or enter book mark,
this is very crucial to display the correct line, or
else he will end up manufactoring some thing else...
How to tackle this issue
Ashish
--- Jeff Beal <jb...@webmedx.com> wrote:
> If I were to be given this requirement, I'd just
> create a bookmark with
> the appropriate floor number on each computer. For
> computers on the
> fourth floor, I'd create a bookmark
> 'http://somecomputer/showmap?floor=4'. I think that
> the problem of
> mapping dynamically allocated IP addresses to
> computers is too hard for
> the task at hand (displaying floor plans). Of
> course, it's not as if
> it's a hard thing for users to go to a central page
> that has a link to
> all floor plans and click on the one they want. (As
> a side note, Adobe
> once had an SVG demonstration that had a 3-D model
> of their building
> that users could click on to see floor plans of each
> floor. *that* was
> cool.)
>
> Just my two bits.
>
> -- Jeff
>
> Ashish Kulkarni wrote:
> > Hi
> > thanx for the mail, here is my problem we have
> > machines installed on different floors of
> building,
> > and we have to design a web page which will give
> floor
> > plan and display it on that machine browser, so if
> the
> > machine is on 4th floor we want to display the
> plan of
> > fourth floor, if the machine had static ip address
> > then i would have a cross reference table and make
> it
> > work, but since there is dynamic IP address, i
> cannot
> > do this..
> > how can we handle this situation,
> >
> > Ashish
>
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> user-unsubscribe@struts.apache.org
> For additional commands, e-mail:
> user-help@struts.apache.org
>
>
__________________________________
Do you Yahoo!?
The all-new My Yahoo! - What will yours do?
http://my.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: [OT] Identify web user in intranet
Posted by Jeff Beal <jb...@webmedx.com>.
If I were to be given this requirement, I'd just create a bookmark with
the appropriate floor number on each computer. For computers on the
fourth floor, I'd create a bookmark
'http://somecomputer/showmap?floor=4'. I think that the problem of
mapping dynamically allocated IP addresses to computers is too hard for
the task at hand (displaying floor plans). Of course, it's not as if
it's a hard thing for users to go to a central page that has a link to
all floor plans and click on the one they want. (As a side note, Adobe
once had an SVG demonstration that had a 3-D model of their building
that users could click on to see floor plans of each floor. *that* was
cool.)
Just my two bits.
-- Jeff
Ashish Kulkarni wrote:
> Hi
> thanx for the mail, here is my problem we have
> machines installed on different floors of building,
> and we have to design a web page which will give floor
> plan and display it on that machine browser, so if the
> machine is on 4th floor we want to display the plan of
> fourth floor, if the machine had static ip address
> then i would have a cross reference table and make it
> work, but since there is dynamic IP address, i cannot
> do this..
> how can we handle this situation,
>
> Ashish
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: [OT] Identify web user in intranet
Posted by PA <pe...@gmail.com>.
On Feb 11, 2005, at 10:29, Duncan Mills wrote:
> Unfashionable as they are, applets do have their uses.
Perhaps. But this is really something which good, old DNS can easily
solve. There is a plethora of more or less obsolete record types
dealing with identity and location: GPOS, HINFO, LOC, TXT, etc. It's
just a question of setting this up.
Keep in mind that you can very easily access DNS informations through
JDNI:
http://java.sun.com/j2se/1.4.2/docs/guide/jndi/jndi-dns.html
Cheers
--
PA, Onnay Equitursay
http://alt.textdrive.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: [OT] Identify web user in intranet
Posted by Duncan Mills <du...@oracle.com>.
You could always write a Java applet that inspects the machine in some
way and launches the correct page in the browser. I assume that, in this
case the machines don't get moved much, so a simple configuration file
could be used to indicate the correct location.
Unfashionable as they are, applets do have their uses.
Regards
Duncan Mills
http://www.groundside.com/blog
Ashish Kulkarni wrote:
>Hi
>thanx for the mail, here is my problem we have
>machines installed on different floors of building,
>and we have to design a web page which will give floor
>plan and display it on that machine browser, so if the
>machine is on 4th floor we want to display the plan of
>fourth floor, if the machine had static ip address
>then i would have a cross reference table and make it
>work, but since there is dynamic IP address, i cannot
>do this..
>how can we handle this situation,
>
>Ashish
>--- brenmcguire@tariffenet.it wrote:
>
>
>
>>There is the MAC address, but only if you are
>>connected to the same
>>switch/hub. Otherwise, it will fail because the MAC
>>address is usually the
>>one of the default gateway.
>>The big big problem is that almost everything can be
>>spoofed. IP address
>>can be spoofed (well at least the response never
>>arrives...), MAC address
>>can be spoofed, even cookies can be spoofed. In
>>fact, before writing this
>>email, I thought about setting a cookie on the
>>client machine, but:
>>1) maybe the client sometimes deletes all of his
>>cookies;
>>2) the cookie itself is insecure and can be spoofed.
>>In SSH (the Secure SHell, that permits secure remote
>>shells), both client
>>and server have criptography and electronic
>>signatures enabled, so that
>>the server is sure that the legitimate owner of the
>>private key is the one
>>who is communicating. But not in HTTP or at least in
>>normal HTTP.
>>The SET technology, usually used in money
>>transactions (but I have to say
>>I never saw that in action!), gives a certificate to
>>everyone: client,
>>seller and bank.
>>Anyway, these technologies identify THE PERSON and
>>not THE MACHINE because
>>you can simply copy certificates and key pairs on
>>another machine (though
>>usually, except of extreme cases of stupidity, the
>>one which does such a
>>thing is the legitimate owner).
>>Maybe you can rely on the header of HTTP request, to
>>see its OS,
>>machine,etc. But again it can be spoofed.
>>So I think the most viable way is to use SSL with a
>>login phase
>>(eventually with a cookie). To identify the agent,
>>you should analyze the
>>header of HTTP requests, hoping it is not spoofed,
>>but only for view
>>reasons (different page organizations, different
>>colours, etc.) because
>>relying on header of HTTP requests is pretty
>>dangerous.
>>I thought in this email that security is your main
>>problem. But if you
>>only want to display something different while a
>>user is on a different
>>machine, I think you should see Dimensions:
>>http://mutidimensions.sourceforge.net/
>>Hope it helps
>>Antonio Petrelli
>>
>>Ashish Kulkarni wrote:
>>
>>
>>
>>>Hi
>>>Is there any thing unique to identify the client
>>>machine(desktop) other then IP address?
>>>I have a situtation where in my intranet, i need to
>>>identify the machine uniquely and do some
>>>
>>>
>>processing,
>>
>>
>>>But the problem is that we dont haev static IP
>>>address, but dynamic IP address.
>>>I want to display a particular screen if the user
>>>
>>>
>>is
>>
>>
>>>using a perticular computer or network node
>>>
>>>Ashish
>>>
>>>
>>>
>>
>>
>>
>>
>---------------------------------------------------------------------
>
>
>>To unsubscribe, e-mail:
>>user-unsubscribe@struts.apache.org
>>For additional commands, e-mail:
>>user-help@struts.apache.org
>>
>>
>>
>>
>
>
>
>
>__________________________________
>Do you Yahoo!?
>All your favorites on one personal page – Try My Yahoo!
>http://my.yahoo.com
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>For additional commands, e-mail: user-help@struts.apache.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: [OT] Identify web user in intranet
Posted by Ashish Kulkarni <ku...@yahoo.com>.
Hi
thanx for the mail, here is my problem we have
machines installed on different floors of building,
and we have to design a web page which will give floor
plan and display it on that machine browser, so if the
machine is on 4th floor we want to display the plan of
fourth floor, if the machine had static ip address
then i would have a cross reference table and make it
work, but since there is dynamic IP address, i cannot
do this..
how can we handle this situation,
Ashish
--- brenmcguire@tariffenet.it wrote:
> There is the MAC address, but only if you are
> connected to the same
> switch/hub. Otherwise, it will fail because the MAC
> address is usually the
> one of the default gateway.
> The big big problem is that almost everything can be
> spoofed. IP address
> can be spoofed (well at least the response never
> arrives...), MAC address
> can be spoofed, even cookies can be spoofed. In
> fact, before writing this
> email, I thought about setting a cookie on the
> client machine, but:
> 1) maybe the client sometimes deletes all of his
> cookies;
> 2) the cookie itself is insecure and can be spoofed.
> In SSH (the Secure SHell, that permits secure remote
> shells), both client
> and server have criptography and electronic
> signatures enabled, so that
> the server is sure that the legitimate owner of the
> private key is the one
> who is communicating. But not in HTTP or at least in
> normal HTTP.
> The SET technology, usually used in money
> transactions (but I have to say
> I never saw that in action!), gives a certificate to
> everyone: client,
> seller and bank.
> Anyway, these technologies identify THE PERSON and
> not THE MACHINE because
> you can simply copy certificates and key pairs on
> another machine (though
> usually, except of extreme cases of stupidity, the
> one which does such a
> thing is the legitimate owner).
> Maybe you can rely on the header of HTTP request, to
> see its OS,
> machine,etc. But again it can be spoofed.
> So I think the most viable way is to use SSL with a
> login phase
> (eventually with a cookie). To identify the agent,
> you should analyze the
> header of HTTP requests, hoping it is not spoofed,
> but only for view
> reasons (different page organizations, different
> colours, etc.) because
> relying on header of HTTP requests is pretty
> dangerous.
> I thought in this email that security is your main
> problem. But if you
> only want to display something different while a
> user is on a different
> machine, I think you should see Dimensions:
> http://mutidimensions.sourceforge.net/
> Hope it helps
> Antonio Petrelli
>
> Ashish Kulkarni wrote:
>
> >Hi
> >Is there any thing unique to identify the client
> >machine(desktop) other then IP address?
> >I have a situtation where in my intranet, i need to
> >identify the machine uniquely and do some
> processing,
> >But the problem is that we dont haev static IP
> >address, but dynamic IP address.
> >I want to display a particular screen if the user
> is
> >using a perticular computer or network node
> >
> >Ashish
> >
>
>
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> user-unsubscribe@struts.apache.org
> For additional commands, e-mail:
> user-help@struts.apache.org
>
>
__________________________________
Do you Yahoo!?
All your favorites on one personal page � Try My Yahoo!
http://my.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org