I know there is the auto login function now that stores credentials in the browser cookies, but would it be possible to add a built in function of auto login looking for a static IP or MAC address machine?
We are wanting the users to only have writable access at 2 specific machines inside the control room without knowing the credentials of the login. We provided a read only user to monitor using handheld devices.
phildunlap last edited by
Can you elaborate on why you would prefer using network information to auto authenticate? The issue is that these would be far easier to spoof than HTTP headers transmitted in an encrypted fashion. If the concern were that a user could take the credentials out of the browser and then use them elsewhere, a similar sort of vulnerability would exist for the address of the two machines getting spoofed. I would think the way to go about it would be locking down the browser on the control room machines so that a user cannot extract the cookie, or making users enter usernames and passwords.
@phildunlap I guess the thought was to have the function built in within Mango to not rely on the browser. In the case that the user needs to switch browser, clear cookies, or something to that aspect. But I did not consider the vulnerability of network information. Will talk it over with our tech director some more.