I'm trying to find a resource to get a few things about the user identity for security purposes. I'm trying to get ipv6 ipaddress, and the computer name or host name using classic asp and vb6. If I can't use vb6 I would like to use jQuery or javascript if possible.
In asp, I can get the ipv4 using request.ServerObject("REMOTE_ADDR") I believe.
If you need this in ASP I'm unaware of anything you can use to get this directly.
It is possible to write a Class in VB6 that calls DnsQuery in Dnsapi.dll to do first a DNS_TYPE_PTR query to reverse-lookup the IPv4 address to get the DNS name and then a DNS_TYPE_AAAA query to retrieve the corresponding IPv6 address (if any).
...
Hmm, no code handout no rep eh? (insert smiley here)
Well this is a bit of code to post here inline... maybe look at {VB6} DNS Lookup Class as a starting point.
Not sure if this is what you're after, but there is some information here about building a GUI in VB to track an IP address:
http://www.youtube.com/watch?v=hkDD03yeLnU
Related
English is not my first language. I'll do my best to explain my self.
I am creating an API to be used by clients via Javascript. The client should include on his website something like this:
<script>
var my_api = {
public_key: "123456"
};
</script>
<script async src="https://api.example.com/v1/init.js"></script>
So... how can I use a Public Key to verify the client's website?
I know I can get the referer and compare it in with the key on my database, but:
(a) If the referer may be faked, a public key won't be useful because is already public
And (b) if the referer can't be faked, Why would I use a public key? Is not enougth with the referer?
I can't ask the client to encrypt something to varify if he have the right key if anybody can knows the key...
I have only created APIs with both private and public key (or only private) in the past.
Finally, I want it all be installed on client's website by copy/pasting few lines of JS code (that's why I want only use public key).
I know it is possible because that's how Google Ads works, I just need help to figure out the way.
Note: I searched for other topic on the forum but I couldn't find any answer, just thing related the SSH and nodeJS. I am developing a simple API with PHP and pure JS.
The problem that you might run into with putting the api key on their website is that it could be viewed by anyone and used. Use a Process environment variable on the system they are using to host their site. You can use this resource for information: https://hackernoon.com/how-to-use-environment-variables-keep-your-secret-keys-safe-secure-8b1a7877d69c
How can I make an HTML (and CSS/PHP/JavaScript) document which only allows certain IP addresses on a page?
(I am not asking how to find IP address with PHP, but how to allow access to a page based on an IP address.)
put this on the top of your php file and update the allowedIps variable with the IPs that you want to allow.
$allowedIps = ['198.x.x.x', '200.x.x.x'];
$userIp = $_SERVER['REMOTE_ADDR'];
if (!in_array($userIp, $allowedIps)) {
exit('Unauthorized');
}
for non PHP files (eg .html, .css) you will have to update your .htaccess file to add file specific permission. The following SOF thread should help: (assuming you are using apache server)
.htaccess: how to restrict access to a single file by IP?
If you dont want to bother with the code, put your site on Cloudflare and block ips
Try this with PHP :
function CheckIPAccess() {
//allowed IP. Change it to the IP addresses you want to allow to access your webpage
$allowedip = '127.0.0.1';
$ip = $_SERVER['REMOTE_ADDR'];
return ($ip == $allowedip);
}
Usually, IP restrictions are done at the web-server configuration level, so that unauthorized IPs simply can't reach your code at all.
It would actually be quite messy to try to do this kind of check within your application – "you'd undoubtedly miss one" – but the server can easily do it for you.
(I do not recommend attempting to use IPs for privilege checking and so forth ... "IPs change. Frequently. Very messy. Very ...")
Even stronger yet would be firewalls, and maybe VPNs. You really want to keep intruders as far away as possible and to give them as little information as possible. (For instance, why should they even be able to detect that the web-server exists?) Strive to make the entire setup as "hardened" as possible.
I've setup a physical mac computer to be a MySQL server. It works perfectly well if I access it remotely on the internet if I access it through the Terminal. Edit: I now realise this is on the local network only. So I'm now setting up a static IP and will have to post another question on that if I get stuck
But I'd love to solve why it someone doesn't work if I connect with javascript, such as in GoogleSpreadsheets or any related add-ons in GoogleSpreadsheets (which are also written on Javascript I think).
I can use any of those javascript approaches to connect to other databases which I have access to, but I'd like to find out why I can't connect to mine in particular and if there is anything I can change? Thanks.
I setup a MySQL server on computer A (Mac OS X Yosemite). I can connect fine if I use do the following in bash on computer B (Mac OS El Capitan) and then get whatever output I need from MySQL.
$ # in bash, change path to ensure SQL runs
$ export PATH=$PATH:/usr/local/mysql/bin/
$ # start sql and run a query
$ mysql -u test -pXXXXX -h 192.168.XXX.XX sakila # replace X's with real credentials, where -p is for the password and -h is for the IP address.
$ mysql> SHOW TABLES;
$ mysql> #... output is good
$ mysql> exit;
$
If I run the same credentials in Google Spreadsheets script editor, I get an error on the last line saying that either my connection string, user or password are not correct. See script below.
// attempt to access SQL data using javascript on https://script.google.com
function Drive() {
var ServerIP = '192.168.XXX.XX'; // IP address of the server. replace with real IP
var SQL_Port = '3306'; // port number
var SQL_Usr = 'test'; // name of user
var SQL_Pwd = 'xxxxx'; // password of user. replace with real password
var SQL_DB = 'sakila'; // name of sample database downloaded from MySQL Workbench documentation.
var connectorInstance = 'jdbc:mysql://' + ServerIP +':' + SQL_Port;
var ConnectString = connectorInstance + '/' + SQL_DB;
var conn = Jdbc.getConnection(ConnectString, SQL_Usr, SQL_Pwd); // error on this line
}
My javascript, my syntax is definitely correct, since if I swop in the credentials for another online database then the error disappears. Similarly, I tried 4 different Google Spreadsheets add-ons which are available when you search "SQL" in the add-on store; those work with all databases I tried but not my own.
And my own server's credentials and authorisation should be working correctly, since I can connect using bash as shown at the top.
Is there some security option setup on the other databases in the server or in their internet connection which means javascript will connect on theirs and not mine? Is there something I missed?
My alternatives would be to only access the server with bash (not good when I am building a Spreadsheet-based front-end), or to host the server online, which would involve some costs.
Would an SSH connection help at all? I haven't used one before. Any help would be appreciated.
Steps I've tried
I started off setting up MySQL Workbench with a config file as -"etc/my.cnf".
I set "skip-networking" off.
I made sure "bind_address" was off and also tried variations since as "0.0.0.0", "*" and "%".
I followed a lesson on setting up javascript code for Google scripts and granted sufficent user account details on location "%" (yes I know that's not secure but this is a small test db).
I've tried playing around with other Options File preferences under Networking or other section, but they either have no effect or the server fails to restart successfully with those applied.
Before testing my DB connection, I make sure I restart my SQL server to ensure option and user changes are applied.
I've checked StackOverflow to see who else is asking about remote databases, javascript or connection strings. No one else seems to have my exact issue.
I've tried using the host's name "Servers-Macbook-Air.local" in place of IP, again that works in bash but NOT in Javascript still. Also if I use IP or hostname for another database, that works.
I did some research after Hardy's comment - I think it is the private IP restricting me. I had only tried with both laptops in Wifi range.
http://www.gohacking.com/private-and-public-ip-addresses/
Say for example, if a network X consists of 10 computers, each of them can be given an IP starting from 192.168.1.1 to 192.168.1.10. Unlike the public IP, the administrator of the private network is free to assign an IP address of his own choice (provided the IP number falls in the private IP address range as mentioned above).
Devices with private IP addresses cannot connect directly to the Internet. Likewise, computers outside the local network cannot connect directly to a device with a private IP.
Your problem is you are trying to your local IP address of 192.168.xxx.xxx
You can not do that from the internet. As a matter of fact, that IP address only exists within your network. You and I could both have the IP of 192.168.1.10. Most off-the-shelf routers create networks that begin with 192.168.1.1 (which is probably where you can access your firewall).
The only way this could work is if you used your public IP address and you have the port you are looking for configured to point to your machine. This would typically require some Port Forwarding or Firewall configuration.
You can check your public IP with sites like http://www.ipchicken.com
This question already has answers here:
Can You Get A Users Local LAN IP Address Via JavaScript?
(9 answers)
Closed 3 years ago.
I want to get local IP address of a client system. How can I achieve this using JavaScript ?
I don't think you can without some server interaction.
The easiest way would be making an AJAX request to a server-side snippet that, in PHP, would look like this:
<?php echo $_SERVER["REMOTE_ADDR"]; ?>
You can't directly. One approach could be to send an AJAX request to your server (if there is one), which can return the IP address from which the user is viewing the current page.
you probably need an external party that will tell you; even if it were possible to get the local ip from javascript (which I doubt) you will most of the time get private ip address in ranges 10.x.x.x or 192.168.x.x (or that other one which I just can't seem to remember)
So put the ip in the page by php, like suggested above, of have a dedicated script echoing just the remote ip. That will then be the ip you have as seen from on the internet.
I think, you can't. But if your server has at least Server Side includes (SSI) - which every apache installation has enabled by default - you can get the ip like this:
var ip = '<!--#echo var="REMOTE_ADDR"-->';
This works on my Mac when embedded in NodeJS code, and gives the local IP address of the server running the code:
// get local IP address - Command line used is: ipconfig getifaddr en0
const { spawnSync } = require( 'child_process' );
const ip = spawnSync( 'ipconfig', [ 'getifaddr', 'en0' ] );
// the two outputs generated:
console.log( `stderr: ${ip.stderr.toString()}` );
console.log( `stdout: ${ip.stdout.toString()}` );
// applied:
console.log( 'This JavaScript is running on: ' + ip.stdout.toString() );
Note: 'en0' is the network interface in this case - you may find that your network connection is through 'en1' or 'en2' etc, so you will need to add a bit of logic to find which interface is being used.
Hope this helps
Phil
I have the an ASCII message of SNMP traps, how can i sent it to different IP address? i dont want to use email instead. Given a IP address and the port, of that receiver machine.
PLease tell me the solution or where can i get references to the command at
least. coz i could find anything regarding it.
PLease...Hope someone can help me..
thank you very much.
regards,
dunk
I don't understand what is "an ASCII message of SNMP traps".
If you already have the bytes you would like to send, in VB.NET you can use Socket.SendTo method.
If you need to pack up TRAP messages, #SNMP Library exposes such API for .NET/Mono platform.
http://sharpsnmplib.codeplex.com (using Messenger.SendTrap* methods).
There is trapgen utility which probably will help you. It allows to send snmp traps in a very handy way.