Jake Pucan
Reputation: 656
Securing Login Form using IP Address
I have a user's table and it contains the ff.
uid
username
password
ip
Here is the scene:
If UserA was successfully logged in, the IP row will insert an IP so that if someone attempt to log in or attack, it will check first if IP exist(meaning: account is in use) on row and if it does, it will reject the login request. and if UserA logged out the IP on row will become empty.
Is this good enough to secure my login and user?
Upvotes: 0
Views: 199
Answers (1)
Liam
Reputation: 2837
I would not use the IP as someone else can login from same network with same IP. Perhaps you could just hash out the time of login and save the hash in the db and in session.
Upvotes: 0
Related Questions
- Make sure one person can only put one input
- How to catch the same user with different ip
- Stopping session hijacking
- Block user ip registration using mysql, php and html
- Prevent attack on login using sessions in php
- PHP user authentication using database and ip address?
- Restricting Access by IP, cookies? - Any better solution?
- PHP Session - Multiple Users With 1 IP
- How Can I Make This Login System More Secure
- restricting users by ip and number of login attempts in php