6
Problem
I am searching for some way to identify and validate workstations, and would like to get some value from the machine that is not changeable, such as the IP that can change.
I tried to get the MAC address, but it does not seem to be possible for browser security reasons (as mentioned in this question right here in the SO-PT).
Question
Are wondering if there is any other secure value that I can get via browser and base to validate a workstation, I need that value to free and block stations, and this has/will have no connection with system authentication.
Note: I can get this value through the client (Javascript), or server (ASP.Net MVC). Ultimately creating a Java applet (which is not the choice but feasible since stations would need to have Java installed and configured in browsers).
From what I noticed a 100% reliable alternative, does not seem to be possible, so I would like a viable option without having to use extensions (Java Applets, or Flash), using purely browser features (Can be considered using recent browser IE9+).
Bank browser plugins do this, I think q use java applets
– Caputo
That’s right @Caputo, I just wouldn’t want to have to use Java Applets.
– Fernando Leal
With JS you can collect a lot of information about how the machine is configured. If you are lucky, no one else will have the same configuration. As incredible as it seems the chance is quite great. https://panopticlick.eff.org/ It may change, but it is another way to identify.
– Maniero
You couldn’t create a unique number for the machine and use it if it didn’t exist?
– Felipe Avelar
@bigown, this would be easily changeable right? For my purpose is to get a value and validate the machine for a 7 day type time period.
– Fernando Leal
It is a @Felipeavelar option, but where I would store this value safely for a long period of time?
– Fernando Leal
It is, but there is no real way reliable, not even MAC address.
– Maniero
@Fernando you can store and recover some unique data using local Storage with javascript, but depends on browser settings. Another solution would be to create a login bookmarklet, as I explained in this reply: http://answall.com/a/2526/70 (remembering that a malicious user could copy the bookmarklet if they have access to the machine, so the solution is only valid if it is an addition to something more robust)
– Bacco
If it were easy to identify machines via Javascript advertising agencies would not have to do so many gambits to monitor people.
– hugomg
Have you tried using browser cookies?
– user3465264
It would not solve, because I could use another browser and it would be invalid.
– Fernando Leal
@Fernando You mentioned work stations. I’m guessing a LAN, correct?
– OnoSendai
Not always @Onosendai, what you would have to do is release any workstation on LAN or via the Internet. I’m thinking of other possibilities, because I think this will not be possible, but if you have some idea for LAN, it may be useful.
– Fernando Leal
If you are on a LAN, you have access to the ARP table, which can identify the MAC Address of a given IP - which makes unique identification easy. http://answall.com/questions/6380/obten-mac-address-da-m%C3%A1quina-cliente-da-aplica%C3%A7%C3%A3o/6542#6542
– OnoSendai