Re: mac address and additional protection
On Tuesday 09 Sep 2008, Al Musella, DPM wrote: > then when it comes times for upgrades - crack down. Have the > upgrade count how many users are in the database and refuse to > install if more than the licensed # of users are using it.. and if it Broadly, your upgrade process has the same problem as the original program. Look at the work arounds for when XP SP3 stops believing your serial number, for instance. -- Tom Chiverton This email is sent for and on behalf of Halliwells LLP. Halliwells LLP is a limited liability partnership registered in England and Wales under registered number OC307980 whose registered office address is at Halliwells LLP, 3 Hardman Square, Spinningfields, Manchester, M3 3EB. A list of members is available for inspection at the registered office. Any reference to a partner in relation to Halliwells LLP means a member of Halliwells LLP. Regulated by The Solicitors Regulation Authority. CONFIDENTIALITY This email is intended only for the use of the addressee named above and may be confidential or legally privileged. If you are not the addressee you must not read it and must not use any information contained in nor copy it nor inform any person other than Halliwells LLP or the addressee of its existence or contents. If you have received this email in error please delete it and notify Halliwells LLP IT Department on 0870 365 2500. For more information about Halliwells LLP visit www.halliwells.com. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:312290 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: mac address and additional protection
Or you could try to do what microsoft did with windows... allow the licensing terms to easily be bypassed - and let a huge installed base of loyal users get hooked on it.. then when it comes times for upgrades - crack down. Have the upgrade count how many users are in the database and refuse to install if more than the licensed # of users are using it.. and if it turned into a critical software - they would have no choice but to upgrade to the correct liscense. >If you can't trust your end users not to violate the license terms, you can't >trust them not to alter your code. >You could, for instance, use public key encryption to 'sign' the config file >that says 'number of users = 100' so it can't be changed, but the end user >could just comment out your signature check . > >We're getting into 'DRM is a pointless arms race' land here :-) ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:312241 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: mac address and additional protection
On Monday 08 Sep 2008, Richard White wrote: > however there is nothing stopping them from creating a login and providing > that same login to various people If you can't trust your end users not to violate the license terms, you can't trust them not to alter your code. You could, for instance, use public key encryption to 'sign' the config file that says 'number of users = 100' so it can't be changed, but the end user could just comment out your signature check . We're getting into 'DRM is a pointless arms race' land here :-) -- Tom Chiverton This email is sent for and on behalf of Halliwells LLP. Halliwells LLP is a limited liability partnership registered in England and Wales under registered number OC307980 whose registered office address is at Halliwells LLP, 3 Hardman Square, Spinningfields, Manchester, M3 3EB. A list of members is available for inspection at the registered office. Any reference to a partner in relation to Halliwells LLP means a member of Halliwells LLP. Regulated by The Solicitors Regulation Authority. CONFIDENTIALITY This email is intended only for the use of the addressee named above and may be confidential or legally privileged. If you are not the addressee you must not read it and must not use any information contained in nor copy it nor inform any person other than Halliwells LLP or the addressee of its existence or contents. If you have received this email in error please delete it and notify Halliwells LLP IT Department on 0870 365 2500. For more information about Halliwells LLP visit www.halliwells.com. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:312223 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: mac address and additional protection
Maybe you could embed the user's name in places that would make it harder for people to use with the wrong login information.. For example, on the main page display the current users' name and email address.. they will be less likely to share the log in info with strangers. Have reports print the logged in users' name displayed. They can change the name for the account, but then it changes for everyone using that login. You can monitor for patterns of frequent changes to see if multiple people keep using it. > > we therefore thought that we could use the mac address to > > register not just users but also computers. we can also make > > users and passwords unique to individual computers. then we > > could also limit the amount of computers that have access to > > the software. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:312187 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: mac address and additional protection
Which would potentially also have different IP addresses... Eric /*-Original Message- /*From: Dave Watts [mailto:[EMAIL PROTECTED] /*Sent: Monday, September 08, 2008 10:08 AM /*To: CF-Talk /*Subject: RE: mac address and additional protection /* /*> we therefore thought that we could use the mac address to /*> register not just users but also computers. we can also make /*> users and passwords unique to individual computers. then we /*> could also limit the amount of computers that have access to /*> the software. /* /*Aside from the ability to change MAC addresses as mentioned by others, how /*would you handle multiple MAC addresses from the same client? My laptop /*has /*a MAC address for the Ethernet adapter, one for the wireless, and one for /*my /*Verizon data card. /* /*Dave Watts, CTO, Fig Leaf Software /*http://www.figleaf.com/ /* /*Fig Leaf Software provides the highest caliber vendor-authorized /*instruction at our training centers in Washington DC, Atlanta, /*Chicago, Baltimore, Northern Virginia, or on-site at your location. /*Visit http://training.figleaf.com/ for more information! /* /* ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:312183 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: mac address and additional protection
> we therefore thought that we could use the mac address to > register not just users but also computers. we can also make > users and passwords unique to individual computers. then we > could also limit the amount of computers that have access to > the software. Aside from the ability to change MAC addresses as mentioned by others, how would you handle multiple MAC addresses from the same client? My laptop has a MAC address for the Ethernet adapter, one for the wireless, and one for my Verizon data card. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:312182 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: mac address and additional protection
really good points, thanks your right its just a matter of us monitoring it and getting the internal software to flag us if anything is happening thanks for the replies > hi > > we have a debate that we need some expert advice on!!! > > our software is going to be used by university institutions. when > tailoring the package we want to limit it to a certain amount of users. > > > however there is nothing stopping them from creating a login and > providing that same login to various people > > we therefore thought that we could use the mac address to register not > just users but also computers. we can also make users and passwords > unique to individual computers. then we could also limit the amount of > computers that have access to the software. > > when researching how to get the mac address in coldfusion we started > coming across sites that said that mac addresses are not unique and > they can be changed to whatever the user wants. we were under the > impression that every computer had a unique unchangeable mac address > > what are your thoughts on this, and what other solutions to do you > see? > > thanks for your help > > richard > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:312178 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: mac address and additional protection
As others above mentioned MAC addresses can be spoofed to whatever you want with minimal effort. It would be as futile as monitoring IP addresses. That being said, does the average user know/care to do that? Probably not, unless they were tryign to scam the system. You could probably try to flag the account if the subnet the IP address was on changed drastically, or if the user logged in simultaneously from different subnets. I don't think you'll find an airtight solution no matter how you spin it. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:312176 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: mac address and additional protection
MAC addresses are not guaranteed to be unique and they can be changed to whatever you want. Trying to pursue a MAC address solution would likely end up being frustrating for the support staff and for the users. Many two-factor authentication solutions will help with the issue of multiple people logging in with the same account. So would a clearly-worded terms of service agreement as well as monitoring IP addresses in the logs. You could also have code that only lets one person be logged in with an account at one time. -Mike Chabot On Mon, Sep 8, 2008 at 7:49 AM, Richard White <[EMAIL PROTECTED]> wrote: > hi > > we have a debate that we need some expert advice on!!! > > our software is going to be used by university institutions. when tailoring > the package we want to limit it to a certain amount of users. > > however there is nothing stopping them from creating a login and providing > that same login to various people > > we therefore thought that we could use the mac address to register not just > users but also computers. we can also make users and passwords unique to > individual computers. then we could also limit the amount of computers that > have access to the software. > > when researching how to get the mac address in coldfusion we started coming > across sites that said that mac addresses are not unique and they can be > changed to whatever the user wants. we were under the impression that every > computer had a unique unchangeable mac address > > what are your thoughts on this, and what other solutions to do you see? > > thanks for your help > > richard ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:312169 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: mac address and additional protection
It's almost trivial to change the MAC address on a client. On Mon, Sep 8, 2008 at 8:49 PM, Richard White <[EMAIL PROTECTED]> wrote: > hi > > we have a debate that we need some expert advice on!!! > > our software is going to be used by university institutions. when tailoring > the package we want to limit it to a certain amount of users. > > however there is nothing stopping them from creating a login and providing > that same login to various people > > we therefore thought that we could use the mac address to register not just > users but also computers. we can also make users and passwords unique to > individual computers. then we could also limit the amount of computers that > have access to the software. > > when researching how to get the mac address in coldfusion we started coming > across sites that said that mac addresses are not unique and they can be > changed to whatever the user wants. we were under the impression that every > computer had a unique unchangeable mac address > > what are your thoughts on this, and what other solutions to do you see? > > thanks for your help > > richard > -- mxAjax / CFAjax docs and other useful articles: http://www.bifrost.com.au/blog/ ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:312167 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: mac address
NBTSTAT.exe can be used to get the mac address over the internet. Problem with CFEXECUTE is that it is slow, and there is no good way to get data out of it to mess with that I know of. From looking at everything I have seen so far we may end up going for a more conventional method of authentication. There seems to be no sure fire way to get the mac address in an uncontrolled environment like the internet. Bernd VanSkiver [EMAIL PROTECTED] ICQ #: 916324 Date: Fri, 08 Dec 2000 23:09:52 -0800 From: "pan" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Re: mac address Message-ID: <03ac01c061af$086ff560$894aabcd@cat> > I don't know if there is a custom tag that will do this but, you could use > CFEXECUTE with either 'nbtstat' or, if you have the NT Resource Kit, > 'getmac'. 'nbtstat' returns a lot more information than just the MAC, which > means you'd have to parse the information, but 'getmac' returns only the > MAC(s) given the IP address, NetBios name, or host name. You could > optionally create a COM wrapper for it. Of course, Java, VB, and probably > WSH, have the capability to do this too, I just don't have code on hand. > Are nbstat and getmac for the lan or can you use them to get client MAC across a http session outside the local lan? I think the orig poster was asking how to use MAC as a security check for any client accessing a page ... I assumed in my previous answer that meant including clients not on the lan the server running CFAS is on. ??? Pan ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: mac address
> I don't know if there is a custom tag that will do this but, you could use > CFEXECUTE with either 'nbtstat' or, if you have the NT Resource Kit, > 'getmac'. 'nbtstat' returns a lot more information than just the MAC, which > means you'd have to parse the information, but 'getmac' returns only the > MAC(s) given the IP address, NetBios name, or host name. You could > optionally create a COM wrapper for it. Of course, Java, VB, and probably > WSH, have the capability to do this too, I just don't have code on hand. > Are nbstat and getmac for the lan or can you use them to get client MAC across a http session outside the local lan? I think the orig poster was asking how to use MAC as a security check for any client accessing a page ... I assumed in my previous answer that meant including clients not on the lan the server running CFAS is on. ??? Pan ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: mac address
> I don't know if there is a custom tag that will do this but, you could use > CFEXECUTE with either 'nbtstat' or, if you have the NT Resource Kit, > 'getmac'. 'nbtstat' returns a lot more information than just the > MAC, which > means you'd have to parse the information, but 'getmac' returns only the > MAC(s) given the IP address, NetBios name, or host name. You could > optionally create a COM wrapper for it. Of course, Java, VB, and probably > WSH, have the capability to do this too, I just don't have code on hand. Oookay... In the cfx_networktopology source (which I released a couple days back) there is a function called LANsNT. It uses netbios calls to query for all network adapters. If you program, that would be a _starting_ point if we're talking about a local lan. I... don't think there is anyway to directly query above you lan however. Unless you want to write a service dcom for each network that you can query. :) (There's probably some easier way then this, some half documented ms api somewhere but nothing I'd risk network security with comes mind at the moment.) Beyond this tends to be out of my area of experience --min ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: mac address
> Anyone know of a way to grab a client machines mac address? Am looking for > a way to do it with Cold Fusion, scripting, ActiveX, or Java. Any tips or > suggestions would be greatly appreciated. Wanting to use the mac address > for security verification. > From; http://www.sans.org/newlook/resources/IDFAQ/mac_address.htm Can I use the MAC address of an Ethernet packet to trace an attacker? If the attack originated from a system that has a direct connection to your system with no gateway in between, then you can use the MAC address. But, if a gateway is in the path, then the gateway replaces the MAC address of the sender with its own address. As a result, you can trace the attack to the gateway only. If the gateway has extensive logging enabled, you might consider searching the log file for more information. >From the above and given that CAFS works at the OSI application level and that MAC is below that level I would conclude that you are unlikely to accomplish your goal. Gateways are going to be in the transit path of most http sessions CFAS participates in and CFAS is not generically capable of sniffing packets. If a gateway is not a concern than I might suggest one of the Seller tags as a possibility. You'll have to have a tool running that can generate a file of packet data that CFAS can reference - with the caveat that gateway translation will probably make the data unavailable. That's all server side. Client side; http://www.cyberport.com/~tangent/programming/winsock/advanced.html at question 4.7 there seems to be a decent overview of what you will need to deal with via client side Java/Activex - if at all possible. It still doesn't look possible, certainly it will not be a trivial task. The SNMP API, NETBIOS API and RPC/OLE API discussed are in the context of winsock - any solution developed from this will have to be one of a set of solutions encompassing several client OSs. Looks like a good few months worth of research and a fascinating (well, at least an educational) project. Good luck - we'll all be awaiting the cfx tag from you. :) Pan p.s. on an intranet or vpn or extranet the effort will be less as the parameters of the task *should* be under your control - i.e. everyone same OS, same browser, direct access to servers and routers, deliberate non-inclusion of a gateway, etc. ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: mac address
I don't know if there is a custom tag that will do this but, you could use CFEXECUTE with either 'nbtstat' or, if you have the NT Resource Kit, 'getmac'. 'nbtstat' returns a lot more information than just the MAC, which means you'd have to parse the information, but 'getmac' returns only the MAC(s) given the IP address, NetBios name, or host name. You could optionally create a COM wrapper for it. Of course, Java, VB, and probably WSH, have the capability to do this too, I just don't have code on hand. Steve -Original Message- From: Bernd VanSkiver [mailto:[EMAIL PROTECTED]] Sent: Friday, December 08, 2000 1:56 PM To: CF-Talk Subject: mac address Anyone know of a way to grab a client machines mac address? Am looking for a way to do it with Cold Fusion, scripting, ActiveX, or Java. Any tips or suggestions would be greatly appreciated. Wanting to use the mac address for security verification. Bernd VanSkiver [EMAIL PROTECTED] ICQ #: 916324 ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
