Full Version: IP based Authentication
RedBora
How safe is it to control the access to an admin control panel (not invision) using ip addresses?

I realize it's not sophisticated but quite straightforward...

adding the following in a php file or function:
QUOTE
// Deny the request unless the client's address is on the admin list
if (!check_ip($admin_info, $_SERVER['REMOTE_ADDR'])) {
    echo "You are not allowed in here !";
    exit(0);
}



The check function:
QUOTE
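function check_ip(&$ip_addresses, $valid_ip) {
    // $ip_addresses: the $admin_info list; $valid_ip: the address to look for
    $valid = false;
    $i = 0;
    $address = count($ip_addresses);
    // Stop at the first matching entry
    while (($i < $address) && (!$valid)) {
        // Strict comparison: both sides are strings
        $valid = ($ip_addresses[$i]['ip'] === $valid_ip);
        $i++;
    }
    return $valid;
}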


And some addresses of course:
QUOTE
$admin_info[0]['ip']  = '155.155.155.155';
$admin_info[0]['name']  = 'Myname';


The IP addresses are stored in a config.php file that is included in an acp.php file in which the admin functions are implemented.

I do not need a members database, I just want that some functions are only accessible for myself or 1-2 other admins... It works for me but is it a smart way to go? Of course I can make mistakes in the implementation but the main question is, is it safe when I only allow access based on IP addresses?
Ian
It's not really a smart way to go. The main reason is people still have dynamic IPs so they change every time they access the internet, meaning you'd have to change the IPs in your script every time they wanted to use it.

Ian
.Reko
I have a static IP, though. So if you do, you could do it.
Trel
Yes, but with specific get/fget/curl (I think) requests, if they know what they're doing, I believe that could potentially spoof their IP.
Kyanar
Not true Trel, IPs can be spoofed but only at the low level network layer. It's not the most perfect way to do things either way.

I think the most secure way to do things is require the user to log in via a VPN connection, and then access a non-internet ( because the forums won't let me say out ward in all one word ) facing server to manage the site. I know, complex, but EXTREMELY difficult to hack. With strong passwords and the like of course.
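
One way to harden the check discussed in this thread, as an added example that is not any poster's code: the allow-list is matched only against the TCP peer address (`$_SERVER['REMOTE_ADDR']`, never a client-supplied header), entries may be CIDR ranges (an extension beyond the thread's single addresses), and a password must also verify. The `203.0.113.0/24` entry, the `ip_matches` and `admin_allowed` names, and the demo password are assumptions made for illustration.

```php
<?php
// Added example (not from the thread). All addresses and the password are constructed.
$admin_info = [
    ['ip' => '155.155.155.155', 'name' => 'Myname'],           // single address, as in the thread
    ['ip' => '203.0.113.0/24',  'name' => 'Office (assumed)'], // CIDR range, an extension
];

// True if $ip equals $entry, or lies inside it when $entry is a CIDR range.
function ip_matches(string $ip, string $entry): bool
{
    $parts  = explode('/', $entry, 2);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($parts[0]);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // unparsable address, or IPv4 compared with IPv6
    }
    $max  = strlen($ipBin) * 8;
    $bits = $parts[1] ?? (string) $max;
    if (!ctype_digit($bits) || (int) $bits > $max) {
        return false; // malformed or oversized prefix length
    }
    $full = intdiv((int) $bits, 8);
    $rem  = (int) $bits % 8;
    if (substr($ipBin, 0, $full) !== substr($netBin, 0, $full)) {
        return false; // whole bytes of the prefix differ
    }
    $mask = (0xFF << (8 - $rem)) & 0xFF; // leftover high bits of the next byte
    return $rem === 0 || (ord($ipBin[$full]) & $mask) === (ord($netBin[$full]) & $mask);
}

// Both checks must pass: the address is on the list AND the password verifies.
function admin_allowed(array $admins, string $remote, string $password, string $hash): bool
{
    foreach ($admins as $admin) {
        if (ip_matches($remote, $admin['ip'])) {
            return password_verify($password, $hash);
        }
    }
    return false;
}

// Demo: in acp.php $remote would be $_SERVER['REMOTE_ADDR'] and $hash would come from config.php.
$hash = password_hash('constructed-demo-password', PASSWORD_DEFAULT);
var_dump(admin_allowed($admin_info, '155.155.155.155', 'constructed-demo-password', $hash));
var_dump(admin_allowed($admin_info, '203.0.113.77', 'wrong-password', $hash));
var_dump(admin_allowed($admin_info, '198.51.100.9', 'constructed-demo-password', $hash));
```

If the panel sits behind a reverse proxy, `REMOTE_ADDR` is the proxy's address, so the allow-list then has to be enforced at the proxy.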