Hi all,
I need to restrict access to some functionality depending on whether a use is working from the Office (where the Servoy server is located) or from home.
application.getIPAddress()
Seems to give me the IP on the local network. I need to work out whether someone has connected remotely…
Any ideas?
C
Maybe call something like http://whatismyipaddress.com/ using the http client?
even easier is this: http://automation.whatismyip.com/n09230945.asp
Thanks Patrick, one of these will work fine!
application.getServerUrl() ??
or do your really need the ip instead of the dns name that a users sees?
Hi Jan,
I need to work out whether someone is working in the office or from home.
The scenario is: Company has valuable data, when someone quits their job and are allowed to work their notice period, they may no longer be allowed to work from home.
In the case of such a blocked user: if the IP is the same as the external IP for the server, I assume office, otherwise I refuse to load Servoy. I know there may be ways around this such as ssh tunnels or vnc’ing into office, but the users are not technical people and don’t have access to the right passwords.
I have already implemented a solution using Patrick’s suggestion
http://automation.whatismyip.com/n09230945.asp
Grabbing this URL using the http plugin works fine. I can lock myself out using a tick box on my user screen in Servoy and ssh into the Postgres database to grant myself access again.
Are you thinking of adding something like application.server_is_local() to Servoy?
server is local??
when is the server local?? if you are really on the same network?
thats a bit weird, the server can also be outside of the companies network, hosted in some big hosting centra
what is then local?
If the server is really local you could do it with getServerUrl() already, because remote users must then go to a public url and internal users are just using the internal url.
But yes if the server is hosted somewhere else you have the situation that you have 3 locations and then the serverurl will not work because they are most likely the same for internal and external people
then WAN IP is the only way to go.
But maybe… if security is important you can better include WAN ip’s at the server location…
So access to the servoy http/rmi ports are only by opt in. People want to use it from how have give there wan ip’s so that they are whitelisted…
But this is annoying again if you don’t have a (almost) fixed ip address… But it is way more secure…