I have a rails app and I want to track if a user of the app is accessing the app from a computer inside a specific venue or office.
I will like to know if my users are accessing from our venue or at their home (any other location). I have tried geocoder gem but its is not very accurate, the other option was using an ip, but my internet provider gives me dynamic ips.
What can I use to solve this problem?
One thing i have also tried is accessing my computers mac address but from what I have been reading, for security reasons there is no way to access this number.
Related
We are looking at a web project and wish to register users according to their GEO location.
i.e. We do not want users in the UK registering as users in the USA.
Using Geo IP we can identify the user's country however a simple VPN service can negate this.
Is it possible to have a VPN IP blacklist or similar that would only force users to connect from "legitimate" IP addresses?
Found this:
https://www.howtogeek.com/403771/why-do-some-websites-block-vpns/
It’s common for websites to locate and track users based on their IP
addresses. IP tracking is an easy way to increase account security,
build targeted advertisements, and show users different content
depending on the country in which they live. This practice of IP
tracking is one of the main reasons why people use VPN services, but
it’s also the reason why blocking VPN access to a website is so easy.
I’m working on an app that will be deployed to a fleet of corporate Windows laptops that are bound to Active Directory. Part of the app would need to allow the user to access the company's intranet URL. Would it be at all to automatically authenticate that user for their intranet without forcing another login? They've already logged into their AD account when logging into the laptop so I want to avoid it if possible. I've searched and haven't been able to find any information that covers this case.
Depending on your security strictness, the username package could be a good fit for you.
We are having an iOS web app for the iPhone 6s. This app needs user authentication in the context of licensing. The user should be able to authenticate himself and must not be able to give his own license to someone else.
Here are the ideas I was thinking of yet:
1: IMEI
If I could retrieve the IMEI using PHP or JavaScript, it would be a great start. But this is not possible, unless it's a native app. And that's just not an option here.
2: Authentication token
Passing a secret authentication token through the URL, like a serial key could work. But the user could easily give it to someone else. And checking IP addresses to detect unlicensed use is not easy, because IP addresses of mobile devices change and make it hard to distinguish one user having different IP addresses from multiple users.
I'm trying hard to think outside the box. But is there any way to authenticate the user of this iPhone web app securely?
We don't want security through obscurity solutions here; It may be not possible to make it definitely impossible to bypass. But it should be as secure as possible.
I want to create a mobile app using Xamarin.Android that will allow users to add their names and email addresses to a list of athletes willing to meet-up for a game of golf, tennis, etc. The app will contain a page for users to enter their name and email address and another page for displaying the list of users. I want to store the users' names and email addresses in a table using Windows Azure but I can't find a package that works with Mono.Android.
Can anyone suggest the best approach for me? A guide or example would be helpful too.
Have you looked at Azure Mobile Apps - tutorial here: https://azure.microsoft.com/en-us/documentation/articles/app-service-mobile-xamarin-android-get-started/
I am working on a tool inside of a current iOS app that I only want to be available to a handful of people. The company email addresses are all gmail.
How can I make the app work in a way that, You sign into your google account, and on the server end it will check if you have access or not. If you do, it will then move on to the tool page.
Does Google API have anything on this?
Thanks in advance
Google App Engine has the Users API which you can use to allow people to log in with a Google Account. You can the write server side code to cross check the logged in email address against your whitelist (which may or may not be configurable), and only allow access if the emails match.
Is that the kind of thing you mean?