
I authenticate users by their hostname for some internal sites. I do this by:

if( gethostbyaddr($_SERVER['REMOTE_ADDR']) == .... ) { ...

But I'm not sure if it is safe to log in users this way. Is there a chance to improve the security of this auto-login method? Or is this method already safe enough?

I like this method due to its simplicity. It works very well.

Thanks

Update:

Environment: Local intranet, with around 20 clients. Locally managed DNS.

My question is different from "Is it safe to trust $_SERVER['REMOTE_ADDR']?" because I use the hostname and not the IP address to identify the user!

C. Hediger

1 Answer


Well, do you trust your DNS? (Also make sure you have a quick DNS.)

Also make note that, if the attacker has the password, on WEP/WPA/unencrypted WLANs, it's trivial for an attacker to kick the real client off the net and hijack that IP address (and on WEP-encrypted WLANs, obtaining the password is also trivial).

hanshenrik
  • Basically I trust my DNS, since the DNS is locally managed. We are talking about a local network with around 20 clients. – C. Hediger Nov 22 '17 at 09:36
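
One way to tighten the `gethostbyaddr()` check from the question is a forward-confirmed reverse lookup against an explicit allowlist, shown here as an added example that is not code from the question or the answer. The function name `hostnameForClient`, the injectable resolver parameters, the hostnames and the addresses are assumptions made for illustration. It still depends on the DNS and on the address not being taken over, as the answer points out.

```php
<?php
declare(strict_types=1);

/**
 * Returns the confirmed hostname for a client address, or null.
 * $reverse / $forward are injectable (hypothetical parameters) so the
 * logic can be exercised without live DNS; they default to PHP's resolvers.
 */
function hostnameForClient(
    string $remoteAddr,
    array $allowedHosts,
    ?callable $reverse = null,
    ?callable $forward = null
): ?string {
    $reverse = $reverse ?? 'gethostbyaddr';
    $forward = $forward ?? 'gethostbynamel';   // IPv4 only, hence the IPv4 filter below

    if (filter_var($remoteAddr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null;
    }
    $host = $reverse($remoteAddr);
    // gethostbyaddr() returns the unmodified IP when the lookup fails and
    // false on malformed input; neither may be compared as a hostname.
    if ($host === false || $host === $remoteAddr) {
        return null;
    }
    $host = strtolower(rtrim($host, '.'));
    // Exact match against known names, never a substring or suffix test.
    if (!in_array($host, $allowedHosts, true)) {
        return null;
    }
    // Forward confirmation: the name must resolve back to the connecting address.
    $addrs = $forward($host);
    if ($addrs === false || !in_array($remoteAddr, $addrs, true)) {
        return null;
    }
    return $host;
}

// Constructed sample records standing in for the local DNS zone.
$ptr = ['192.0.2.10' => 'pc-alice.intranet.example', '192.0.2.66' => 'pc-alice.intranet.example'];
$a   = ['pc-alice.intranet.example' => ['192.0.2.10']];
$reverse = fn(string $ip) => $ptr[$ip] ?? $ip;
$forward = fn(string $h) => $a[$h] ?? false;
$allowed = ['pc-alice.intranet.example'];

var_dump(hostnameForClient('192.0.2.10', $allowed, $reverse, $forward)); // PTR and A records agree
var_dump(hostnameForClient('192.0.2.66', $allowed, $reverse, $forward)); // PTR claims the name, no A record points back
var_dump(hostnameForClient('192.0.2.99', $allowed, $reverse, $forward)); // no PTR record at all
```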