Computer specific filtering
I know that with the Enterprise version of TD, it's possible to set up IP address filtering so only computers connected to that IP address have access.

I propose a solution for either MAC address filtering or motherboard UUID (GUID) filtering or, in the case of a phone, the IMEI or ICCID. The solution can be added to the Setup and an administrator can add a computer or phone to the application which will then grant it access.

Your thoughts?

ID: 633
Category: Setup
Author: basenine
Date Created: 5/8/2013 7:55:04 PM
Date Updated: 5/31/2013 8:54:27 PM
Status: New Idea
Score: 30
Promoted By: Rick Cogley, martin oliver, basenine
Comments
Rick Cogley 5/10/2013 11:26:16 PM
Just curious but, how does a browser get that kind of info? Is javascript allowed to get it?
basenine 5/11/2013 12:20:33 AM
@Rick
I was just thinking the same thing while I was resting!! Brain has been going flat out and now that I stop, I realise the difficulty...

I'm sure I've read a post on Stack Overflow about JavaScript getting that info...
I'll look into it further.

basenine 5/11/2013 2:05:56 AM
@Rick,
Seems it's not possible,
the post I'd read before was a question that had been asked on how to do it...that post has since been removed.

Here's a similar question...the answer is a definitive and resounding...it can't be done:

http://stackoverflow.com/questions/3189239/how-to-restrict-access-to-web-application-to-one-machine-only

In this post they want the same type of security I'm asking for and note the limitation of IP address filtering because of mobile devices using 3G/4G dynamic networks.

I tell you though - if TD can crack this, they'll be the only ones offering it.

Maybe getting UUID is far-fetched...but something needs to be achieved that's more specific to the device IMHO.
Rick Cogley 5/11/2013 3:49:58 AM
Well, it's possible to use browser certificates, but a pain to support, I bet.
basenine 5/11/2013 4:14:15 AM
How does iCloud.com find my iPhone?
The Browser is requesting information specific to a Phone, not an IP address.
Is it that simple or does Apple have their own in-house program that gets the data when the device "phones home" and then parses this back to the browser when asked? What information is Phoned Home....Serial#, UDID, UUID, IMEI...
Kirill Bondar  Staff  5/13/2013 7:49:29 AM
I doubt unique device identifiers of any kind can be accessed by a web site - this could pose serious privacy issues. By the way, Apple started to reject applications that try to access UDID from the store.
Kirill Bondar  Staff  5/13/2013 7:53:39 AM
Moreover, I do not think there is a universal identifier of some kind. While mobile devices have a sort of serial numbers, desktops do not. A MAC address cannot be used as such, as it is network card specific - that is, a wired connection and a wireless connection will use different cards, and different MAC addresses will be reported by the same computer.
basenine 5/13/2013 11:42:13 AM
That's amazing that you say that. I've literally just woken up (2:30am here at the moment!) and I thought the same thing about security issues. Some malware uses the UUID to gain more control over a PC.
I think with regard to Apple: apps are still able to get device specific info - ANZ goMoney does this. I can't access our bank details on my wife's iPhone using my login as her phone is a registered device. And vice versa. Can probably delete this request!!
basenine 5/13/2013 5:10:34 PM
The only solution I've been able to come up with is a Time based and/or Checkbox based User Properties function. This locks a user out from Viewing/Editing tables either outside of certain hours or when the checkbox is unchecked. It takes a bit to set up.
One major benefit of it is that it can be administered via the Front End rather than through the Setup…So you give an Authoritative Role to a User that can Access the User Property table and they can Grant or Deny access as they see fit. The only problem is that in some instances, 4 people actually use one user Role on 2 computers…

If anyone's interested, I could pass on the Setup instructions.

Here's a link to some scripting that can read a local txt file (using XHTML):
http://www.quirksmode.org/js/xmlhttp.html

and, a bit down the page after responses said 'Nay', it shows that you can use js to read a txt file.

http://www.webdeveloper.com/forum/showthread.php?261923-how-to-use-javascript-in-html-to-read-txt-file-and-display-it

So - can we create a txt file, hide it on a computer (so only Directors know where it is) and call it from TD?

Rick Cogley 5/13/2013 5:15:56 PM
Interesting info here. If it works, I'd say it is useful only if the user does not have to click "allow" all the time. That would get old quickly.
basenine 5/13/2013 5:26:09 PM
Yes - so it would call it at login once…If it can't find the file or it doesn't match the requirement, then it doesn't grant access.

Rick Cogley 5/13/2013 5:58:02 PM
I wonder if HTML5 browser storage is an option. http://www.w3schools.com/html/html5_webstorage.asp


Rick Cogley 5/13/2013 5:59:05 PM
basenine 5/13/2013 6:17:03 PM
Nice work Rick. HTML5 storage is the bigger brother of cookies but with more functionality and more security.
I was trying to get through this post without mentioning cookies but all along thought that if there was something similar to a cookie... i.e. something that can be stored in the local browser directory that the browser can draw on when requested, securely without it being cleared by the user (cache clean up, delete history, remove cookies etc.).
Looks like HTML5 Storage could be useful here.
basenine 5/13/2013 6:22:14 PM
And it will also work on mobile devices... Unlike my txt file suggestion. It's good when we all work together like this on solutions.
basenine 5/31/2013 8:54:27 PM
Maybe this tied in with Rick's thoughts on HTML5 web storage:

http://www.w3schools.com/html/html5_serversentevents.asp

??
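
The device-enrollment idea discussed in this thread, sketched as an added example (not part of the thread and not TD's own code): an administrator enrolls a device, the browser keeps the issued token in web storage, and the server checks it at login. `DeviceRegistry`, its methods and the `deviceToken` key are hypothetical names, Node.js is assumed, and a `Map` stands in for `window.localStorage`. A value kept in web storage can be cleared or copied by whoever uses the browser, so this check sits alongside the normal login rather than replacing it.

```javascript
// Added illustration; DeviceRegistry and its method names are hypothetical.
const crypto = require('node:crypto');

const sha256 = (s) => crypto.createHash('sha256').update(s).digest();

class DeviceRegistry {
  constructor() { this.devices = new Map(); } // deviceId -> { label, tokenHash }

  // Administrator step: register a device; the token is returned only once.
  enroll(label) {
    const deviceId = crypto.randomUUID();
    const secret = crypto.randomBytes(32).toString('base64url');
    // Only a hash is kept server-side, so a leaked registry cannot be replayed.
    this.devices.set(deviceId, { label, tokenHash: sha256(secret) });
    return `${deviceId}.${secret}`;
  }

  // Login step: returns the device label, or null if missing or mismatched.
  verify(token) {
    if (typeof token !== 'string') return null;
    const dot = token.indexOf('.');
    if (dot < 0) return null;
    const entry = this.devices.get(token.slice(0, dot));
    if (!entry) return null;
    const presented = sha256(token.slice(dot + 1));
    // Both buffers are 32 bytes; compare in constant time.
    return crypto.timingSafeEqual(presented, entry.tokenHash) ? entry.label : null;
  }

  // Administrator step: withdraw access for a lost or retired device.
  revoke(token) { return this.devices.delete(String(token).split('.')[0]); }
}

// Constructed stand-in for window.localStorage on the enrolled machine.
const browserStorage = new Map();

function demo() {
  const registry = new DeviceRegistry();
  browserStorage.set('deviceToken', registry.enroll('Front desk PC'));
  const token = browserStorage.get('deviceToken');
  const enrolled = registry.verify(token);        // enrolled browser
  const otherPc = registry.verify(undefined);     // browser with nothing stored
  const tampered = registry.verify(token + 'x');  // altered token
  registry.revoke(token);
  const afterRevoke = registry.verify(token);     // device removed by admin
  return { enrolled, otherPc, tampered, afterRevoke };
}
```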