Bind device with login id and password

[Sachin Kumar]

Hi Experts,

Is there any way or logic in Django where we can bind user login id and password with first device login id.

for example:- 

If a user first time login into a PC A, he can't login into PC B using same login id. He can only login into PC A with his login id. if he changes the PC then from backend we can remove his old registration and he can login into New PC.

Please help me with the logic or any tutorial on this.

Regards

Sachin 

[Mike Dewhirst]

On 5/03/2021 4:52 pm, Sachin Kumar wrote:
> Hi Experts,
>
> Is there any way or logic in Django where we can bind user login id
> and password with first device login id.
> for example:-
> If a user first time login into a PC A, he can't login into PC B using
> same login id. He can only login into PC A with his login id. if he
> changes the PC then from backend we can remove his old registration

Removing an old registration ... ie., a login, is likely to be
problematic with cascading deletion needing careful attention. It feels
like a sledghammer to crack a nut.

Without knowing why it is difficult to suggest a reasonable approach.

In any case, if you need a device ID you might look at ...

    from socket import gethostname
    device_id = gethostname()

> and he can login into New PC.
>
> Please help me with the logic or any tutorial on this.
>
>
> Regards
> Sachin

> --
> You received this message because you are subscribed to the Google
> Groups "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to django-users...@googlegroups.com
> <mailto:django-users...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/85c94977-67b8-4e4f-8b50-c12a5a992aecn%40googlegroups.com
> <https://groups.google.com/d/msgid/django-users/85c94977-67b8-4e4f-8b50-c12a5a992aecn%40googlegroups.com?utm_medium=email&utm_source=footer>.


--
Signed email is an absolute defence against phishing. This email has
been signed with my private key. If you import my public key you can
automatically decrypt my signature and be sure it came from me. Just
ask and I'll send it to you. Your email software can handle signing.

[Sachin Kumar]

HI Mike,

Thanks a lot for the reply I can capture the hostname of the localhost i also want to capture mac address of the local host. is there any way we can capture the Mac Address of the client?

[Kasper Laudrup]

On 05/03/2021 10.07, Sachin Kumar wrote:
> HI Mike,
>
> Thanks a lot for the reply I can capture the hostname of the localhost i
> also want to capture mac address of the local host. is there any way we
> can capture the Mac Address of the client?
>

In general no. If the client is on the same network you might be able to
find its MAC address with ARP, but it's definitely not something you can
rely on.

It is not really possible to uniquely identify a client without
something like setting a cookie or similar. Even then, don't rely on
that as it is trivial for the client the spoof anything it sends (in the
case of HTTP that includes the client IP). Don't trust the client.

Kind regards,

Kasper Laudrup

[Benjamin Schollnick]

Built-in?  I doubt it.

But create a database field in the user record that you’ll use to store the IP in.  If the field is None, then accept any and all logins.  On a successful login, if the field is not None, then only allow a login if it’s from the IP address in that field.

Now,  ask yourself, why this isn’t normal procedure?

Simply because IP Addresses change, and people need to login from multiple devices (eg. Facebook on Desktop computer, Facebook on mobile device, etc).

Instead if you are looking for a more secure method of logging in, look at SQRL - https://github.com/miki725/django-sqrl

And that’s “Squirrel” SQRL, designed by Steve gibson of GRC https://www.grc.com/sqrl/sqrl.htm

But I have to Thank you, since I didn’t realize that there was a Django SQRL implementation until I just looked.  I’m going to look at adding this into my app.

- Benjamin