Reputation: 482
PHP Login by hostname. Is this safe enough?
I authenticate users by their hostname for some internal sites. I do this by:
if( gethostbyaddr($_SERVER['REMOTE_ADDR']) == .... ) { ...
But im not sure if it is safe to login users this way. Is there a chance to improve the security of this auto-login method? Or is this method already safe enough?
I like this method due to its simplicity. They work very well.
Thanks
Update:
Environment: Local intranet, with around 20 Clients. Local managed DNS.
My Question is different to Is it safe to trust $_SERVER['REMOTE_ADDR']? because i use the hostname and not the IP-Address to identify the user!
Upvotes: 1
Views: 105
Answers (1)
Reputation: 21665
well, do you trust your DNS? (also make sure you have a quick dns)
also make note that, if the attacker has the password, on WEP/WPA/unencrypted WLAN's, its trivial for an attacker to kick the real client off the net and hijack that ip address (and on WEP encrypted WLAN's, obtaining the password is also trivial)
Upvotes: 1
Related Questions
- How can I prevent SQL injection in PHP?
- How do you parse and process HTML/XML in PHP?
- Deleting an element from an array in PHP
- Reference Guide: What does this symbol mean in PHP? (PHP Syntax)
- Reference - What does this error mean in PHP?
- How does PHP 'foreach' actually work?
- How do I get PHP errors to display?
- Why shouldn't I use mysql_* functions in PHP?
- When should I use 'self' over '$this'?
- What is thread safe or non-thread safe in PHP?