Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Do IP's change (un-intentially)?


  • Please log in to reply
1 reply to this topic

#1 Wata

Wata

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:12 PM

Posted 18 April 2010 - 08:56 PM

Situation
I am nearly finished implementing a web application for a school (I won't go into much detail as it is un-necessary). Also, note that my knowlege in PHP is limited; I studied Java for 4 years and self-learned PHP on my spare time.

Anyway, as I complete the project, I am skeptical in the security of the web application. Sure the application checks for common security issues like MySQL injection, session hijacking, and brute force attacks. However, since my knowlege is limited in both PHP and the security side of web applications, I have certian doubt in the applications' security.

Questions
Firstly, I wanted to display the administration log-in panel if the IP of a computer matches an administration account's IP. So basically, only administration could see the log-in panel. This would reduce the temptation of outsiders to breach the application. My question is, does a computers IP change (un-intentially)? If so, how can I distinguish a computer?
NOTE: New admin. IP's can be added within the admin. control panel (if your concerned about this approach)

Any other security implementations I should implement?

BC AdBot (Login to Remove)

 


#2 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:03:12 PM

Posted 18 April 2010 - 09:21 PM

Yes, IP addresses can change.
http://en.wikipedia.org/wiki/IP_address#St...ic_IP_addresses

As far as other security measures, I consider a log-in page pretty much mandatory for any administrative functions.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users