安全 - 检测网站上用户的设备详细信息
是否可以在不使用任何插件的情况下为我网站上的访问者或注册用户检测到这些内容?我正在创建安全功能,因此四处寻找我可以检测到的内容以添加安全警报。由于存储机密信息,安全性对于该服务非常重要,因此我尝试使用不同的安全层。一层是自动检测设备详细信息以了解使用模式并进行相应标记。但我需要知道这些是否可以被检测到:
- 它们是否使用无线互联网或局域网。
- 如果是无线,则为 SSID。
- 网卡 MAC 地址
- 计算机名称
- 当前屏幕分辨率 用户正在使用
- ISP 用户正在使用
- 当前登录操作系统的用户帐户。
* 另外,我们还可以检测什么来唯一标识设备?以上所有内容都很好,但仍然可以改变。我唯一能想到的是设备的序列号。我不确定我们是否可以在没有插件的情况下检测到这一点。
平台是 PHP,但如果可以用其他语言检测到这些语言,当然可以集成任何语言。
Is it possible to detect these for visitors or registered users on my website without using any plugins? I am creating the security features so scouting around for things i can detect for added security alerts. Security is very important with this service due to storage of confidential information so I am trying to use different security layers. One layer is to auto-detect device details for usage patterns and flag accordingly. But I need to know if these can be detected:
- If they are using Wireless internet or LAN.
- If wireless then the SSID.
- MAC address of network card
- Computer name
- Current screen resolution user is using
- ISP user is using
- User account currently logged in the OS.
* Also, what else can we detect to uniquely identify a device? All all the above is good but can still change. Only item I can think of is Serial number of the device. Which I am not sure if we can detect without plugings.
Platform is PHP but ofcourse can integrate any language if it is possible to detect these in some other language.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
不
不
否
您可以对 IP 地址执行反向 DNS 查找
JavaScript 可以给你这个
IP 上的 whois 可能会为您提供此信息
IP没有
附带条件:请求来自面向 Internet 的 IP。代理或 NAT 并掩盖它。
No
No
No
You can perform a reverse DNS lookup on the IP address
JavaScript can give you this
A whois on the ip may give you this
No
Provisos with the IP: It will be the Internet facing IP that the request comes from. A proxy or NAT and obscure it.
如果没有插件,你唯一能得到的就是 ISP,但如果他们使用属于其他人的代理,即使这样也可能是在撒谎。如果您需要任何类型的实际客户端身份验证,请为它们生成 SSL 证书以安装到浏览器中。
The only thing you can get without a plugin is the ISP, but even that may be lying if they're using a proxy belonging to someone else. Generate a SSL certificate for them to install into the browser if you need any sort of actual client authentication.
你可以猜测:
但要小心,因为大多数这些信息很容易被伪造。
What you can guess:
But beware, because most of these information can be easily faked.
不,你不能。至少从安全角度来看不是。您实际上是在询问用户“您可以吗?”,这是毫无意义的。
然而,你可以做的(正如 Yorirou 所说),就是猜测这些事情来帮助用户。这是不同的,因为您并不是试图阻止用户做任何“坏”的事情,而是通过告诉他们升级或更改某些内容来帮助他们。
如果你这样做,你必须非常清楚其中的差异..并记录下来,这样下一个人就不会搞砸了..他会的..他会相信“ security”属性(即用户没有使用无线网络),这实际上只是一个猜测。
No, you can't. At least not from a security perspective. You're effectively asking the user "are you allowed?", which is pointless.
What you can do however (as Yorirou said), is to guess these things to help the user. This is different since you are not trying to stop users with "bad" whatever, but help them by telling them to upgrade or change something.
If you do this, you have to be very clear about the difference.. and document it so the next guy does not f#¤ it up.. which he will.. and he'll trust a "security" property (i.e., the user is not on a wireless) which is really just a guess.