[英]How to uniquely identify users with the same external IP address?
I have created a service login module by python. 我已经通过python创建了服务登录模块。 I want to limit login.
我想限制登录。 The login based on failed attempts per IP address might not work well and annoy the users connected to the Internet through a local network since they'll have same external IP address.
基于每个IP地址失败尝试的登录可能无法很好地进行,并且会使通过本地网络连接到Internet的用户感到烦恼,因为它们将具有相同的外部IP地址。 Is there a way to uniquely identify such users?
有没有办法唯一标识此类用户? Thanks a lot!
非常感谢!
I don't think there is a bulletproof solution, if the users are behind NAT. 如果用户使用NAT,我认为没有防弹解决方案。 To differentiate those users you would need the private IP address, which you can not get on the IP level.
为了区分这些用户,您将需要专用IP地址,而该IP地址无法在IP级别获得。 If the users are behind NAT, you can only see the public/external IP which would be the same for all clients.
如果用户位于NAT后面,则只能看到对于所有客户端都相同的公共/外部IP。 You could try to get the private IP on the application level (client side), but that would be tricky (and also if the private address is obtained via DHCP, it can change between requests) The other solution I can think of is identifying users via cookies.
您可以尝试在应用程序级别(客户端)上获取私有IP,但这很棘手(而且,如果私有地址是通过DHCP获得的,它可以在请求之间进行更改)我能想到的另一种解决方案是识别用户通过Cookie。 So a HTTP response to each failed login request would contain a cookie which uniquely identifies that client.
因此,对每个失败的登录请求的HTTP响应将包含一个cookie,该cookie唯一地标识该客户端。 In that way you can differentiate users with the same IP.
这样,您可以区分具有相同IP的用户。 You would have to sign the cookie values to preserve their integrity.
您必须对cookie值进行签名以保持其完整性。 However, this does not help if the client deletes cookies after each failed request.
但是,如果客户端在每个失败的请求后删除cookie,这将无济于事。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.