1

I would like to develop an application that can connect to a server and uniquely identify clients, then give them permissions to run a specific query on the server's database. How can I identify clients in a unique way? Is a MAC address reliable enough? Or should I use something like a CPU ID or something else?

Clarification: I do not want to create a registration code for my app, as it's supposed to be a free application. I would want to detect each client by an ID and decide which one could have the permissions to run a specific method on the server or not.

Sarah Aziziyan
  • Reliable enough really depends on the use case of your application. The problem is that MAC addresses can be spoofed, so if you're relying on it for identification into a secure area, then this is a potential attack vector. – Xefan Apr 27 '15 at 08:10
  • I think that my clients do not have the knowledge to change the MAC address, but since I want to be sure, I want this unique ID to be unchangeable, at least not without changing hardware. – Sarah Aziziyan Apr 27 '15 at 09:43

2 Answers

3

The usual approach is to give each client a login (name + password). That way, it's easy to replace clients when they need an upgrade or when they fail.

MAC address should be unique but there is no central registry which enforces this rule. There are also tools to change it, so it's only somewhat reliable.

CPU and HD IDs are harder to change but people will come complaining when their hard disk died or when they upgrade their system.

Many PCs have TPM modules which have their own IDs but they can be disabled and the IDs can be wiped. Also, there are privacy issues (people don't like it when software automatically tracks them).

Another problem with an automated ID approach is how to identify them on the server. When several clients connect for the first time in quick succession, you will have trouble telling them apart.

Aaron Digulla
  • I think I'm going with HDD ID, as it cannot be changed, at least until they change the whole hard drive. And if the client changes its HDD and has weird activities (I log every activity on the server), I could detect it. Thank you. – Sarah Aziziyan Apr 27 '15 at 09:56
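
The login approach from the answer above, as an added example that is not part of the original answer or its comments: the server keeps a salted password hash and a permission set per client name, and decides from those alone. The class, the action name `run_report_query`, the client names and the passwords are constructed for illustration, and PBKDF2 with the iteration count shown is an assumed choice.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # PBKDF2 work factor (assumed value for this sketch)


class ClientRegistry:
    """Server-side store: client name -> (salt, password hash, allowed actions)."""

    def __init__(self):
        self._clients = {}

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

    def register(self, name, password, allowed):
        # Re-registering a name replaces its credential, e.g. after a machine swap.
        salt = secrets.token_bytes(16)
        self._clients[name] = (salt, self._hash(password, salt), frozenset(allowed))

    def authorize(self, name, password, action, reported_mac=None):
        """Return True only if the login verifies and the action is permitted.

        reported_mac is supplied by the client and can be spoofed, so it is
        deliberately ignored when making the decision.
        """
        record = self._clients.get(name)
        if record is None:
            self._hash(password, b"\x00" * 16)  # similar timing for unknown names
            return False
        salt, stored, allowed = record
        if not hmac.compare_digest(stored, self._hash(password, salt)):
            return False
        return action in allowed


def demo():
    """Constructed clients and action names, for illustration only."""
    reg = ClientRegistry()
    reg.register("client-a", "constructed-pass-A", {"run_report_query"})
    reg.register("client-b", "constructed-pass-B", set())
    mac = "02:00:00:00:00:01"  # constructed, locally administered address
    q = "run_report_query"
    return {
        "a_allowed": reg.authorize("client-a", "constructed-pass-A", q),
        "a_new_hardware": reg.authorize("client-a", "constructed-pass-A", q, mac),
        "b_denied": reg.authorize("client-b", "constructed-pass-B", q),
        "b_spoofs_mac": reg.authorize("client-b", "wrong", q, mac),
        "unknown": reg.authorize("client-z", "x", q),
    }
```

Because the decision never reads a hardware identifier, a client that replaces its disk or network card keeps its identity, and a client that copies another machine's MAC address gains nothing.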
1

This question appears to have already been asked and answered in detail (although, you may not like the answers, since they appear to add up to: it's problematic.) I agree with Xefan's comment that more details would help define your question. Here's a link to earlier discussion on this:

What is a good unique PC identifier?

Community
Garuda