views:

91

answers:

2

For validation purposes, is there a way to detect a user's mac address as they're signing up on a webpage, for example? I'd prefer a LAMP approach, but also open to ASP.NET possibilities.

+5  A: 

I guess you could by reading the ARP cache of the underlying OS, assuming that the client and server are on the same network.

However, using the MAC address for validation is under most circumstances a bad idea:

  • The MAC address can be easily spoofed. Many network drivers allow you to set the address to whatever you want.

  • The MAC address is link local. If there is at least one router between the server and the client, the server will see the closest routers MAC address.

Anders Lindahl
I guess it appears the only way to detect the mac address is to to use a client-side plugin. The original idea is to try to use it as validation-by-device -- for a use-case where many users will be on hte same local WiFi / same IP address.
ina
I'd suggest using regular cookie-based sessions, an SSO (or user+password) framework or client certificates. Which is best depends on your situation and environment.Try to use a common and proven technique before re-inventing the wheel. It's well worth the effort.
Anders Lindahl
Well, there's also a validation problem. One account per user - cookie-based sessions, they could just log out, and create a new account... or use a different browser.
ina
If you plan to let users create their own accounts, you will have to accept that a single person might create several accounts. If you go down the route of identifying the web terminal you will run into cases when a person has a perfectly legitimate reason to change terminal. Take a step back and think about why unique users is important to you. How about using OpenID, http://openid.net/ ?
Anders Lindahl
A: 

Trying to detect mac-addresses is not a good idea.

But you can use a Java Applet to do so. The user will have to allow it to run though.

The Java Applets can be embedded in any webpage

Here is how you do it http://techdetails.agwego.com/2008/02/11/37

Hrishi