Databases
StackOverflow2013
Postsdbo
PO
 

Note that there are some explanatory texts on larger screens.

plurals
  1. PO
    primarykey
    data
    text
    <ul> <li><p>You can try using a tracking cookie; note however that such mechanisms are considered transient (e.g. cookies can be erased). In-browser JavaScript is sandboxed so that it does not have access to components outside the page. Note also that any feeling of security you'll gain with JavaScript is illusory - the script runs on the client side, where it can be modified (therefore there's no way to tell whether the "unique" piece of data is genuine or faked) or disabled altogether.</p></li> <li><p>If you're trying to prevent random people from hacking at your app, you may want to ban them after a certain number of failed attempts. This will not get you any security, it's more of a flytrap - it limits the annoyances somewhat.</p></li> <li><p>Finally, if you want actual security, go for HTTPS with real (NOT self-signed) server certificates and <strong>client-side certificates</strong> - see e.g. <a href="http://lenss.nl/2011/02/apache-ssl-client-side-certificate-data-in-php/" rel="nofollow">this</a> for an implementation (that example, however, uses self-signed server certificates, which is not very secure). This is a mechanism that is well-implemented in the browser itself, and provides you with a somewhat secure system (complete with a secure keystore) of identifying your users (as opposed to a fundamentally flawed JS "security", or relying on user-readable files). Oh, and your data is encrypted while on the wire, that's a bonus.</p></li> </ul> <p>SSL actually does what you're asking for: verifies that the client machine has a certificate issued to that user. This mechanism works inside the browser, not just inside the webpage; thus, it is much harder to subvert this than an in-page JavaScript. It stores a large unique identifier (clientside certificate) in a secure way, and it can <em>prove</em> to the server that it actually has that identifier - which is pretty much your initial requirement.</p> <p>(Incidentally, using SSL, the data will be protected in transit, and the client can validate the server's identity; those weren't your requirements, but they're more or less necessary to assure that you're actually talking to the real client and real server)</p>
    singulars
    1. This table or related slice is empty.
    1. POGetting something unique about user's computer with JavaScript?
      singulars
      1. PTQuestion
    1. PTAnswer
    1. USPiskvor
    1. USPiskvor
    plurals
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. POGetting something unique about user's computer with JavaScript?
      singulars
      1. PTQuestion
    1. This table or related slice is empty.
    1. VO
      singulars
      1. PO
      1. This table or related slice is empty.
      1. VTUpMod
    2. VO
      singulars
      1. PO
      1. This table or related slice is empty.
      1. VTUpMod
    3. VO
      singulars
      1. PO
      1. This table or related slice is empty.
      1. VTUpMod
    1. COthe script runs at client side but i just want that script to send me something unique about the computer, rest is handled on server
      singulars
      1. PO
      1. USgkaykck
    2. CO@gkayck: So, assuming there would be a `getSomethingUnique()` function in JS, what would prevent the user from overriding that function so that it returned fake data? (hint: nothing)
      singulars
      1. PO
      1. USPiskvor
    3. CO@gkaykck What's to stop someone to grabbing the unique code from one machine and then sending that from another machine to impersonate the former? You have no way to guarantee that the client is actually running your script at all.
      singulars
      1. PO
      1. USderkyjadex
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload