Daniel Scocco

Reputation: 7266

How to limit access to web app to a specific location/computer?

I am working on a web app that will be used by restaurants to let the cashier access data about clients, reservations and so on.

One of my test clients, though, said he would like to allow cashiers to access the web app only when they are at the restaurant computer. In other words, he doesn't want his employees to be able to log into the web app and access client info from their homes or from some other location/computer.

My first thought was to check the IP address of the client on the web app, and only allow certain IPs (i.e. the IPs of the restaurant connection) to access it.

The problem is that the Internet connection at most restaurants uses DHCP, so their IP keeps changing. I could check only the first 2 bytes of the IP (e.g., 106.280), but this wouldn't be 100% secure, and on some ISPs even the second byte will change from time to time.

Any other ideas on how I can solve this problem?

Thanks in advance.

Upvotes: 2

Views: 2152

Answers (2)

fizzy drink

Reputation: 682

Like @Eric said, it might work fine. Plus, you can self-issue a certificate; it doesn't have to be purchased. The only difference is you will get the "Certificate Authority" warning when using it for the first time in a browser.

But a self-issued certificate might be a simple fix.

Upvotes: 0

Eric

Reputation: 2116

The best way to do this would be to use client side certificate authentication.

http://www.impetus.us/~rjmooney/projects/misc/clientcertauth.html

Upvotes: 8
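
One way to enforce the client-certificate approach from the answers at the application layer, as an added example that is not part of the original thread. It assumes a reverse proxy validates the certificate and forwards the result in the hypothetical headers X-Client-Verify and X-Client-Fingerprint; the fingerprints and terminal names are constructed.

```python
# Added example, not code from the thread. Assumes a TLS-terminating proxy
# (for instance nginx with `ssl_verify_client on`) that validates the client
# certificate and forwards the result in two request headers. The header
# names, terminal names and fingerprints are constructed for illustration.

# Certificate SHA-1 fingerprints of the registered restaurant computers.
REGISTERED_TERMINALS = {
    "0123456789abcdef0123456789abcdef01234567": "restaurant-a/cashier-1",
    "89abcdef0123456789abcdef0123456789abcdef": "restaurant-b/cashier-1",
}

def identify_terminal(environ, registered=REGISTERED_TERMINALS):
    """Return the terminal name for a verified, registered certificate, else None."""
    # The proxy must overwrite both headers on every request and be the only
    # route to the app; otherwise a client could send these headers itself.
    if environ.get("HTTP_X_CLIENT_VERIFY") != "SUCCESS":
        return None
    presented = environ.get("HTTP_X_CLIENT_FINGERPRINT", "")
    return registered.get(presented.replace(":", "").lower())

class ClientCertGate:
    """WSGI middleware: reject requests that do not come from a registered terminal."""
    def __init__(self, app, registered=REGISTERED_TERMINALS):
        self.app, self.registered = app, registered

    def __call__(self, environ, start_response):
        terminal = identify_terminal(environ, self.registered)
        if terminal is None:
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"This computer is not registered.\n"]
        environ["restaurant.terminal"] = terminal  # usable by the login view
        return self.app(environ, start_response)

def cashier_app(environ, start_response):
    """Stand-in for the real web app; the normal cashier login still applies."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [("terminal: " + environ["restaurant.terminal"] + "\n").encode()]

def status_for(headers):
    """Run one request through the gate and return (status line, body)."""
    seen = []
    gate = ClientCertGate(cashier_app)
    body = gate(dict(headers), lambda status, hdrs: seen.append(status))
    return seen[0], b"".join(body)

if __name__ == "__main__":
    ok = {"HTTP_X_CLIENT_VERIFY": "SUCCESS",
          "HTTP_X_CLIENT_FINGERPRINT": "01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67"}
    print(status_for(ok))                                   # registered terminal
    print(status_for({"HTTP_X_CLIENT_VERIFY": "NONE"}))     # no certificate sent
```

Because the certificate lives on the restaurant computer rather than with the cashier, the gate keeps working when the restaurant's IP address changes and still blocks a login attempted from home with valid credentials.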
