August 18th, 2010, 08:27 PM
Limit Access Except from Specific Computers
I am developing a very simple web application for a family member. She has employees that work from several different locations. She wants a web application that will allow her employees to clock in and out via a web interface. The problem is that she doesn't want them to be able to do this from home or any other location except from her offices. The application is simple enough, but how can I restrict access from the web and only allow her office computers to use it. I thought about some firewall rules, but some sites might have dynamic ip's. Really what I would like to happen is when you connect from an unautherized computer a page would come up saying that you cannot connection outside the office. Any thoughts?
August 18th, 2010, 09:08 PM
In short, there is no way to do it with software.
You can have her install client certs on all the computers, and check for them. But there is nothing to prevent someone from copying the file.
You can filter or redirect on IP addresses, but that is only a first level filter, a good hacker can get past that in seconds.
You could write an application and install it on each machine that reports the NIC's mac address, but that can be spoofed.....
August 19th, 2010, 02:21 AM
Another alternative could be to put a hardware vpn in at the offices and only have the application available via the vpn.
It is a truism of American politics that no man who can win an election deserves to. --Trevanian, from the novel Shibumi