How to put license to my web application ?

Published 1 year ago by wowrudy

Hi, i create a web application for my client company, and they want user can access this apps only from registered pc, so others employee cannot access this apps from their phone or laptop.. how to achieve that ?

example : my client don't accept their employee can access company apps at home, but some of them allowed to access this apps from home. this is why i need restrict per device. maybe you have another idea ?

and my client want to track their employee login via geolocation (latitude and longtitude). i tried html 5 geo but it always notice user to allow/accept first, how to hide that ? so all user login automaticly accept to share their location ?

for geolocation i know i can using php to get ip address and find country/city but what i need is to restrict apps usage in some location, thats why i need latitude and longtitude. but popup browser to allow track their location is annoying, and all employee who using this apps must be agree to track their location to company security issue..

this is closed apps for internal company only

Need advice.. Thanks

Best Answer (As Selected By wowrudy)
andy

Confusing terminology: APP ugh! I do believe that the OP is only talking about something built with laravel.

Can't you just use a VPN? At work, you allow only what is inside your firewall. For employees who are outside the office, allow access to the laravel-app through the VPN. Basically, nothing really to do with your laravel-app. Issues would be with managing a potentially huge VPN access list.

mstnorris
mstnorris
1 year ago (499,465 XP)

i tried html 5 geo but it always notice user to allow/accept first, how to hide that ? so all user login automaticly accept to allow share their location ?

Not going to happen! Huge privacy issues if that was the case!

pmall
pmall
1 year ago (576,045 XP)

i triend html 5 geo but it always notice user to allow/accept first, how to hide that ?

The whole point is to not track user without their agreement, so you cant do this.

It will be hard to restrict a site to some machines, I've no idea how to do this and I wonder why you would ever do this.

mstnorris
mstnorris
1 year ago (499,465 XP)

It will be hard to restrict a site to some machines, I've no idea how to do this and I wonder why you would ever do this.

I completely agree, (a) hard to do, can't use cookies because they can just be copied.

I can think of a few reasons why you would want to limit access (a seat licence agreement) but to restrict the machines themselves... why?

Please explain your reasoning and that may help us come up with other solutions.

Here at Laracasts for example, you can only be signed in on one browser at a time from my experience so that could be something to look into.

robgeorgeuk

The only way I can think of is by using IP addresses. You block all IP addresses except for those on a whitelist.

It's possible to determine a user's location using the IP address as well. In my experience it isn't 100% accurate but it might help you. This package might help https://packagist.org/packages/ip2location/ip2location, which ultimately needs a subscription from http://www.ip2location.com

mstnorris
mstnorris
1 year ago (499,465 XP)

I personally wouldn't go down the route of blocking/allowing people based on their IP address. Too many companies internally share the same IP address and as such you could end up having 100s people using it which is the exact opposite of what you're trying to achieve.

Also, with private ISPs and smaller companies who don't have a static IP address, how would you go about managing said whitelist/blacklist?

pmall
pmall
1 year ago (576,045 XP)

Here at Laracasts for example, you can only be signed in on one browser at a time from my experience so that could be something to look into.

You can totally be connected from the computer and the phone at the same time for example.

mstnorris
mstnorris
1 year ago (499,465 XP)

@pmall I don't use Laracasts on my phone all that much but occasionally when I do use a different browser on my Mac (if I'm testing for example) i've noticed that I have to log in again, and it happens too often to just be a coincidence.

Either way, if I'm totally wrong on the Laracast's use of it, it is still a possibility with regards to the OP's question.

robgeorgeuk

@mstnorris Yeah you're right, I missed the part about the question being about licensing. It could still work for location tracking though.

wowrudy

@mstnorris this is example what i need : my client don't accept their employee can access company apps at home, but some of them allowed to access this apps from home. this is why i need restrict per device. maybe you have another idea ?

@robgeorgeuk yes like mstnorris said, they dont have static ip address anyway..

for geolocation i know i can using php to get ip address and find country/city but what i need is to restrict apps usage in some location, thats why i need latitude and longtitude. but popup browser to allow track their location is annoying, and all employee who using this apps must be agree to track their location to company security issue..

this is closed apps for internal company only

andy
andy
1 year ago (39,445 XP)

Confusing terminology: APP ugh! I do believe that the OP is only talking about something built with laravel.

Can't you just use a VPN? At work, you allow only what is inside your firewall. For employees who are outside the office, allow access to the laravel-app through the VPN. Basically, nothing really to do with your laravel-app. Issues would be with managing a potentially huge VPN access list.

jlrdw
jlrdw
1 year ago (156,300 XP)

With a login.

tgif
tgif
1 year ago (16,220 XP)

have you thought of asking your employer to institute a RFID employee tracking system. That way you can bind it to your app. When ever certain employees are within the the working premises, their login procedure can check the RFID system

mikebarwick

I coincide with @andy. VPN sounds like the route to take - the route most big companies take.

robgeorgeuk

http://www.ip2location.com/ will return latitude and longitude. As mentioned by others, there is no way to disable to geolocation prompt in browsers. Obviously a VPN would allow a user to easily work around any location restrictions you put in place.

It now sounds like IP login restriction could work. Certain users could bypass the IP check but otherwise access only from authorised IP addresses (i.e. the companies IPs) would be permitted.

As far as I know, there is no simple way to add a unique identifier to a device that can be read using web technologies as security and privacy measures prevent it.

shez1983

@wowrudy people have asked you to explain and all you did in response was copy/paste part of your original post. So no one really knows why your employee is doing this.

I think whatever pages/app you want to restrict, should be behind a login and when employee register, get them to provide their location(s) through Google Maps which can give you the co-ordinates. You can then use these to whitelist employees.

Sign In or create a forum account to participate in this discussion.