I stored the users IP address when they are registered.After that if they access the site from another Ip address I need to ask some security questions based on the registration.So is it possible to track the IP address.Otherwise the IP will change frequently?.
p.s No need to bother about Proxies and IP spoofing.
views:
39answers:
4
+2
A:
Unless you can guarantee that each user will have a consistent IP address (which you can't), why bother with this sort of "authentication"?
DeathMagus
2010-10-22 04:27:22
+4
A:
$_SERVER['REMOTE_ADDR'] returns the IP address. You know that, since you stored it in the database. When they login, you simply try to match their IP with what you have in the database and popup the questions. I don't see where the problem is. Also, if you didn't, consider using INET_NTOA and INET_ATON ( http://dev.mysql.com/doc/refman/5.0/en/miscellaneous-functions.html ) functions of MySQL.
Good luck annoying users!
Claudiu
2010-10-22 04:28:32
+1
A:
Short answer is no. There's no way to track the IP address because a user could log on using a different computer, and the IP would be totally unrelated.
Andrew Cooper
2010-10-22 04:28:37
A:
In practice many different users from the public internet often use the same IP address via NAT or other IP sharing. DHCP is much more common than it was in days of yore, which means these IP addresses will be released and re-issued daily or at some other frequency. Mobile devices will change IP addresses frequently. So the stability and validity of an IP address varies by networking technology (cellular, cable, DSL, dial-up, etc).
This may be fine, based on your security policies. You should also look at nonces, forced logins, and other security mechanisms based on what your trying to accomplish. You may want to change the session id every N requests or hash the User Agent string with the IP address.
Ozten
2010-10-22 04:38:38