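(100 points) A network security question that matters to everyone! How can a website backend obtain a unique identifier for a visiting client, such as the NIC's MAC address?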
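How can my website program find out the MAC address of a client visiting my site?
I want to use this MAC address to verify that a visitor is legitimate. Since account passwords may get passed around, I want some way to restrict legitimate access to certain computers only.
Whether with Perl, ASP, JSP, PHP, JavaScript or anything else, is there an API that can meet this need? Any expert advice is welcome! Many thanks.
Points offered: 100; replies: 20
Floor 1: BlueDestiny (Design Life - never-online.net), replied 2006-07-18 21:27:33, score 2
That really is a lot of points... posted in N threads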
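Floor 2: mrwang2000 (王先生), replied 2006-07-18 21:45:15, score 2
Just my personal opinion, for reference only.
This is code that uses JavaScript to get the MAC address on the client side: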
[code]
///--------------aaa.htm----------------------------
<SCRIPT language=JScript event="OnCompleted(hResult,pErrorObject, pAsyncContext)" for=foo>
document.write (unescape(MACAddr));
</SCRIPT>
<SCRIPT language=JScript event=OnObjectReady(objObject,objAsyncContext) for=foo>
if (objObject.IPEnabled != null && objObject.IPEnabled != "undefined" && objObject.IPEnabled == true
    && objObject.MACAddress != null && objObject.MACAddress != "undefined")
    MACAddr = objObject.MACAddress;
</SCRIPT>
<OBJECT id=locator classid=CLSID:76A64158-CB41-11D1-8B02-00600806D9B6
VIEWASTEXT></OBJECT>
<OBJECT id=foo classid=CLSID:75718C9A-F029-11d1-A1AC-00C04FB6C223></OBJECT>
<SCRIPT language=JScript>
var service = locator.ConnectServer();
var MACAddr ;
var IPAddr ;
var DomainAddr;
var sDNSName;
service.Security_.ImpersonationLevel=3;
service.InstancesOfAsync(foo, 'Win32_NetworkAdapterConfiguration');
</SCRIPT>
[/code]
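Suggestion:
Run this script as soon as the client page has loaded, then use a hidden iframe to submit the obtained MAC address to your server.
This method has one drawback: it triggers a security prompt.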
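Floor 3: wangcaiwen (), replied 2006-07-18 22:19:17, score 1
Not sure whether we are discussing the technique or the feasibility.
Floor 4: littlelam (竹子岌) (http://www.toaspx.com), replied 2006-07-18 23:28:08, score 10
To: mrwang2000 (王先生)
This amounts to submitting a MAC address;
anyone who knows your MAC address can then log in illegitimately.
To: OP
Identifying clients by checking the MAC address is of no use. A MAC can be forged, and doing so is very easy.
Floor 5: tangqiaojie (小米虫), replied 2006-07-18 23:47:16, score 3
May I ask, how does knowing the MAC address let you log in illegitimately? Hehe, just learning, I'm not trying to become a hacker.
Floor 6: houstond (东方浩气), replied 2006-07-19 11:37:22, score 0
mrwang2000 (王先生):
littlelam (比菜鸟还要菜的鸟):
Yes, as a general principle, the server should treat everything that comes from the client as untrusted.
So apart from obtaining the MAC address, is there any other way to achieve this? I just want a mechanism that verifies the user's computer, in addition to the username and password.
Or is there some kind of data in the HTTP protocol messages that could serve this purpose?
Floor 7: cuixiping (无心●愚公), replied 2006-07-19 20:26:41, score 10
A control, using an undisclosed algorithm.
Floor 8: keenx (老刀), replied 2006-07-19 22:13:54, score 10
JS is a client-side script, so this offers no security whatsoever.
Floor 9: fkue23 (思之后动), replied 2006-07-20 00:47:14, score 1
Looking forward to it.......
Floor 10: wawowawoo (), replied 2006-07-20 09:47:34, score 1
Bumping to help.
Floor 11: houstond (东方浩气), replied 2006-07-20 13:29:30, score 0
Looks like I'll have to write my own ActiveX control!
Floor 12: xuyang0109 (), replied 2006-09-12 00:41:06, score 20
Following!
I found a piece of code: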
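[code]
Function GetMACAddress(strIP As String)
    Dim myWScriptShell
    ' Begin: use WScript to get information about the given IP and save it to a temporary file
    ' strIP is concatenated into a shell command line and a file name below,
    ' so the caller must validate it as a dotted IPv4 address first
    ' CreateObject works in VB; in ASP, Server.CreateObject("wscript.shell") can be used instead
    Set myWScriptShell = CreateObject("wscript.shell")
    myWScriptShell.Run "%comspec% /c nbtstat -A " & strIP & " > c:\" & strIP & ".txt", 0, True
    Set myWScriptShell = Nothing
    ' End: use WScript to get information about the given IP and save it to a temporary file
    ' Begin: use FSO to read the temporary file and take the MAC address from the line containing "MAC ADDRESS"
    Dim myFSO
    Set myFSO = CreateObject("scripting.filesystemobject")
    Dim myTextStream
    Set myTextStream = myFSO.OpenTextFile("c:\" & strIP & ".txt")
    Dim macaddress As String
    macaddress = ""
    Dim myDataLine As String
    Do While Not myTextStream.AtEndOfStream
        myDataLine = UCase(Trim(myTextStream.ReadLine))
        If InStr(myDataLine, "MAC ADDRESS") Then
            macaddress = Trim(Split(myDataLine, "=")(1))
            Exit Do
        End If
    Loop
    myTextStream.Close
    Set myTextStream = Nothing
    ' Delete the temporary file
    ' myFSO.DeleteFile "c:\" & strIP & ".txt"
    Set myFSO = Nothing
    ' End: use FSO to read the temporary file and take the MAC address from the line containing "MAC ADDRESS"
    GetMACAddress = macaddress
End Function
[/code]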
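I added a few comments where appropriate. Pass the actual IP as the parameter.
However, I still don't quite trust this code. Although it passes testing on my machine, I don't understand how it works (the wscript.shell command), and if the client uses a proxy server, would it get some other machine's MAC, would it fail to get the real MAC, is it secure......
I'm very worried about whether this method works.
Floor 13: xuyang0109 (), replied 2006-09-12 00:42:36, score 0
I'm the poster above.
This code was tested in VB; in ASP you should remove " As String".
Floor 14: luxu001207 (笨笨), replied 2006-09-12 00:49:02, score 8
Yeah, it seems the MAC can be changed with software, so a simple check apparently can't really identify a machine (between us, a while ago I got online by changing my own MAC and IP to match someone else's).
Floor 15: superwfei (文盲), replied 2006-09-12 06:36:35, score 1
Learning from this. Following.
Floor 16: myvicy (我来也!), replied 2006-10-22 17:45:54, score 0
Getting the NIC's MAC address with ASP
Published: 2005-11-10 Author: [repost] Source: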
<% Option Explicit%>
<%
Private Const NCBASTAT = &H33
Private Const NCBNAMSZ = 16
Private Const HEAP_ZERO_MEMORY = &H8
Private Const HEAP_GENERATE_EXCEPTIONS = &H4
Private Const NCBRESET = &H32
Private Type NCB
ncb_command As Byte 'Integer
ncb_retcode As Byte 'Integer
ncb_lsn As Byte 'Integer
ncb_num As Byte ' Integer
ncb_buffer As Long 'String
ncb_length As Integer
ncb_callname As String * NCBNAMSZ
ncb_name As String * NCBNAMSZ
ncb_rto As Byte 'Integer
ncb_sto As Byte ' Integer
ncb_post As Long
ncb_lana_num As Byte 'Integer
ncb_cmd_cplt As Byte 'Integer
ncb_reserve(9) As Byte ' Reserved, must be 0
ncb_event As Long
End Type
Private Type ADAPTER_STATUS
adapter_address(5) As Byte 'As String * 6
rev_major As Byte 'Integer
reserved0 As Byte 'Integer
adapter_type As Byte 'Integer
rev_minor As Byte 'Integer
duration As Integer
frmr_recv As Integer
frmr_xmit As Integer
iframe_recv_err As Integer
xmit_aborts As Integer
xmit_success As Long
recv_success As Long
iframe_xmit_err As Integer
recv_buff_unavail As Integer
t1_timeouts As Integer
ti_timeouts As Integer
Reserved1 As Long
free_ncbs As Integer
max_cfg_ncbs As Integer
max_ncbs As Integer
xmit_buf_unavail As Integer
max_dgram_size As Integer
pending_sess As Integer
max_cfg_sess As Integer
max_sess As Integer
max_sess_pkt_size As Integer
name_count As Integer
End Type
Private Type NAME_BUFFER
name As String * NCBNAMSZ
name_num As Integer
name_flags As Integer
End Type
Private Type ASTAT
adapt As ADAPTER_STATUS
NameBuff(30) As NAME_BUFFER
End Type
Private Declare Function Netbios Lib "netapi32.dll" _
(pncb As NCB) As Byte
Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" ( _
hpvDest As Any, ByVal hpvSource As Long, ByVal cbCopy As Long)
Private Declare Function GetProcessHeap Lib "kernel32" () As Long
Private Declare Function HeapAlloc Lib "kernel32" _
(ByVal hHeap As Long, ByVal dwFlags As Long, _
ByVal dwBytes As Long) As Long
Private Declare Function HeapFree Lib "kernel32" (ByVal hHeap As Long, _
ByVal dwFlags As Long, lpMem As Any) As Long
Public Function GetMACAddress(sIP As String) As String
Dim sRtn As String
Dim myNcb As NCB
Dim bRet As Byte
Dim aIP() As String
Dim x As Long
Dim nIP As String
If InStr(sIP, ".") = 0 Then
GetMACAddress = "无效的IP地址."
Exit Function
End If
aIP = Split(sIP, ".", -1, vbTextCompare)
If UBound(aIP()) <> 3 Then
GetMACAddress = "无效的IP地址."
Exit Function
End If
For x = 0 To UBound(aIP())
If Len(aIP(x)) > 3 Then
GetMACAddress = "无效的IP地址"
Exit Function
End If
If IsNumeric(aIP(x)) = False Then
GetMACAddress = "无效的IP地址"
Exit Function
End If
If InStr(aIP(x), ",") <> 0 Then
GetMACAddress = "无效的IP地址"
Exit Function
End If
If CLng(aIP(x)) > 255 Then
GetMACAddress = "无效的IP地址"
Exit Function
End If
If nIP = "" Then
nIP = String(3 - Len(aIP(x)), "0") & aIP(x)
Else
nIP = nIP & "." & String(3 - Len(aIP(x)), "0") & aIP(x)
End If
Next
sRtn = ""
myNcb.ncb_command = NCBRESET
bRet = Netbios(myNcb)
myNcb.ncb_command = NCBASTAT
myNcb.ncb_lana_num = 0
myNcb.ncb_callname = nIP & Chr(0)
Dim myASTAT As ASTAT, tempASTAT As ASTAT
Dim pASTAT As Long
myNcb.ncb_length = Len(myASTAT)
pASTAT = HeapAlloc(GetProcessHeap(), HEAP_GENERATE_EXCEPTIONS Or HEAP_ZERO_MEMORY, myNcb.ncb_length)
If pASTAT = 0 Then
GetMACAddress = "memory allcoation failed!"
Exit Function
End If
myNcb.ncb_buffer = pASTAT
bRet = Netbios(myNcb)
If bRet <> 0 Then
GetMACAddress = "不能从当前IP地址获得MAC,当前IP地址: " & sIP
Exit Function
End If
CopyMemory myASTAT, myNcb.ncb_buffer, Len(myASTAT)
Dim sTemp As String
Dim i As Long
For i = 0 To 5
sTemp = Hex(myASTAT.adapt.adapter_address(i))
If i = 0 Then
sRtn = IIf(Len(sTemp) < 2, "0" & sTemp, sTemp)
Else
sRtn = sRtn & Space(1) & IIf(Len(sTemp) < 2, "0" & sTemp, sTemp)
End If
Next
HeapFree GetProcessHeap(), 0, pASTAT
GetMACAddress = sRtn
End Function
%>
<%
set S_MAC = server.CreateObject( "adodb.recordset")
response.write S_MAC.GetMACAddress(Request.Servervariables("REMOTE_HOST"))
set S_MAC = nothing
%>
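Give it a try.
Original article: http://www.lihuasoft.net/article/show.php?id=2944
Floor 17: storm0 (飘零雾雨.闻弦歌而知雅意,顾叶落而晓秋至), replied 2006-10-22 18:17:24, score 0
good luck!
Floor 18: yaozhg (网站开发架构师), replied 2006-10-23 06:56:06, score 11
OP, the code you posted can get the MAC when run on the local machine or on a LAN; I have tested it before too.
But it doesn't work over the Internet, and I'm also looking for a suitable method.
Because I want the backend to allow logins only from company machines, I may use something like "server security verification", for example certificates.
Floor 19: basanovic (巴萨诺维奇), replied 2006-10-23 08:39:31, score 10
Systems from 2000 onward have a place to change the MAC: Local Area Connection - Properties - Configure - Advanced. There is a "network address" entry below; select it, then choose Value on the right and fill in the MAC you want to impersonate.
On 98 it can also be changed through the registry.
Everything that comes from the client can be forged, so OP, stop looking for a solution on the client side.
Floor 20: pzhuyy (喝小酒泡尼姑), replied 2006-10-23 14:21:00, score 10
For logins from company machines, use HTTPS and issue certificates only to the company's machines; logins from anywhere else won't work.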
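
Added example, not part of any post in this thread: floors 4 and 19 point out that a MAC sent by the client is just a string anyone can copy, and floor 20 recommends issuing certificates to company machines. The Node.js sketch below contrasts the two checks on the server side; the function names, device ID and sample MAC are assumptions made for illustration, and an Ed25519 signature over a fresh server nonce stands in for the proof of key possession that a TLS client certificate provides.

```javascript
// Added illustration; all names and values here are hypothetical/constructed.
const crypto = require('crypto');

// Weak check from the thread: the client submits its MAC as a form field.
const allowedMacs = new Set(['00:11:22:33:44:55']); // constructed sample value
function loginWithMac(submittedMac) {
  // The server cannot tell who typed this string; it is only a second password.
  return allowedMacs.has(submittedMac);
}

// Stronger check: each enrolled machine holds a private key; the server keeps
// only the public key and asks for a signature over a fresh random nonce.
const enrolled = new Map(); // deviceId -> public key
const pending = new Map();  // deviceId -> outstanding nonce

function enrollDevice(deviceId) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  enrolled.set(deviceId, publicKey);
  return privateKey; // stays on the company machine, never sent to the server
}
function issueChallenge(deviceId) {
  const nonce = crypto.randomBytes(32);
  pending.set(deviceId, nonce);
  return nonce;
}
function signChallenge(privateKey, nonce) { // runs on the client machine
  return crypto.sign(null, nonce, privateKey);
}
function loginWithProof(deviceId, signature) {
  const nonce = pending.get(deviceId);
  const publicKey = enrolled.get(deviceId);
  pending.delete(deviceId); // each nonce is valid for one attempt only
  if (!nonce || !publicKey) return false;
  return crypto.verify(null, nonce, publicKey, signature);
}

function demo() {
  const key = enrollDevice('office-pc-01');
  const sig = signChallenge(key, issueChallenge('office-pc-01'));
  const first = loginWithProof('office-pc-01', sig);
  issueChallenge('office-pc-01'); // the next login gets a new nonce
  const replayed = loginWithProof('office-pc-01', sig);
  // A copied MAC is accepted; a captured signature is not accepted again.
  return { macCopied: loginWithMac('00:11:22:33:44:55'), first, replayed };
}
```

In a real deployment the web server's TLS layer performs this proof during the handshake, so the application only has to check which certificate was presented.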




