Is server-side useragent detection bad?

Question

Clientside useragent detection is known to be bad; however, is it also bad to react differently based on the incoming useragent in an HTTP request?

An example would be sniffing the types of browsers out of all img requests and sending smaller or larger images based on whether the incoming userAgent is mobile or desktop.

Recommended answer

I think it depends what your motivation is. For example, in the mobile web sector what you are attempting to do is provide the user with something that looks sensible on their platform. Why be concerned about what user-agent the user is reporting, when it is purely for their own benefit? If they go to the effort of tricking you with a different user-agent, then they are the only person that suffers. The main trouble of course is false positives; it's not entirely reliable.

I follow the argument that you should not rely on it as such, but mobile developers are under attack from generic broad statements like this. Yes there are good alternatives, but across every browser you can imagine, this information can actually be useful at some point as the certainty begins to degrade.

What you certainly don't ever do with any plain-text header is use it to facilitate access control.

User agent detection is considered bad when there are better alternatives, but there is certainly no harm in including it in a detection process which degrades gracefully in certainty.

The issue I have with the whole process is that we are caught up in providing the user something sensible, but never seem to think it's acceptable to ask when you are uncertain. If you are uncertain about the user-agent, why not ask once and store? You can use the user-agent as a guideline.

So to conclude my thoughts, essentially the user-agent header is unreliable, so it is bad to rely on it. This doesn't mean you can't extract a degree of valuable information from it where more reliable options leave you in an uncertain state. In general it's wrong to conclude that it is bad. It's simply what you do with this information that makes it bad or not.

After seeing your updates to the question, I have the following comments to contribute. Do I want to be sniffing image requests and providing the client with an image based on user agent?

If this is the only variable then maybe it could work, but it's rarely the case that the only thing you are varying is the images. I don't want to detect per request because I want to serve the client a coherent solution. This means I served them a page that causes them to request the correct resources. This page yields a single coherent solution for all of the integrated resources. All variations in this document work together for a particular view.

I respect that the chance of the user-agent string changing mid-view is so slim it doesn't seem worth worrying about. However adopting this principle also reduces the number of times you need to perform browser/platform detection, which can only be beneficial. This allows you to switch views on the client much more easily. If the client says actually you got the view wrong, I am a tablet not a phone, how do you go about correcting that? You serve the user a better page, otherwise you will need to be spoofing headers for your image requests... terrible idea. Don't use the user-agent string to serve generic resources like images.

Platform identification is a very active area of modern developments in the web. As computing becomes more ubiquitous and platforms vary much more widely, our need to understand the platforms we are serving increases. I think the general solution to this problem under the current conditions is going to fall on fingerprinting and statistical analysis.

Consider this application - akinator.com - Notice how the statistical analysis from a huge set of sparse data is annoyingly accurate. In a limited environment (the set of browser configurations), you can imagine that we could ask the client's browser some questions. We then perform a statistical analysis on the response in some n-dimensional feature space. Using the user-agent as a dimension of this space is going to be useful and self limiting, depending on the results that you find. If it's largely inaccurate then it will see a large spread, and the amount of worth you derive from it will be self limiting.

Of course your ability to derive any value from this statistical model requires you to be able to obtain some verified truths. This could be, for example, running a JavaScript test-suite to detect client side js capabilities, or indeed, in uncertainty, you can actually ask the user to tell you what their platform is.

For further reading I'd refer you to this article by Mozilla

https://developer.mozilla.org/en/Browser_detection_using_the_user_agent

Today, looking for these strings are the only way to know that the device runs on a mobile device (resp. a tablet) before serving the HTML.
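
The answer's advice (treat the User-Agent as a guideline, ask once and store when uncertain, decide per page rather than per image request, and never base access control on a plain-text header), sketched as an added example that is not part of the original answer. The cookie name `view_pref`, the function names and the regex heuristics are assumptions made for illustration.

```javascript
// Added example: view_pref, chooseView and canAccessAdmin are hypothetical names.
const VIEWS = new Set(["mobile", "tablet", "desktop"]);

// Pull one cookie value out of a raw Cookie header.
function readCookie(cookieHeader, name) {
  for (const part of (cookieHeader || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq > 0 && part.slice(0, eq).trim() === name) {
      return part.slice(eq + 1).trim();
    }
  }
  return null;
}

// Treat the User-Agent as a hint only; null means "no useful signal".
function guessFromUserAgent(ua) {
  if (!ua) return null;
  // Assumed heuristic: tablets checked first, since Android tablets omit "Mobi".
  if (/iPad|Tablet/i.test(ua) || (/Android/i.test(ua) && !/Mobi/i.test(ua))) {
    return "tablet";
  }
  if (/Mobi/i.test(ua)) return "mobile";
  if (/Windows NT|Macintosh|X11/i.test(ua)) return "desktop";
  return null;
}

// Decide once per page: stored answer > User-Agent guess > default plus a prompt.
function chooseView(headers) {
  const stored = readCookie(headers["cookie"], "view_pref");
  // The cookie is client-controlled too, so accept only allow-listed values.
  if (stored && VIEWS.has(stored)) {
    return { view: stored, source: "stored", askUser: false };
  }
  const guess = guessFromUserAgent(headers["user-agent"]);
  if (guess) return { view: guess, source: "user-agent", askUser: false };
  // Uncertain: serve a safe default and ask the user once, then store the answer.
  return { view: "desktop", source: "default", askUser: true };
}

// Access control deliberately ignores the request headers: only server-side
// session state counts, so a spoofed User-Agent changes nothing here.
function canAccessAdmin(headers, session) {
  return Boolean(session && session.authenticated && session.role === "admin");
}
```

A spoofed header here can only change which layout the spoofer receives; the authorization decision is unaffected.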
