如何识别Web用户上传文件 [英] How to ID a web user uploading a file

问题描述

我刚刚使用了一个伟大的 PDF转换器，但我注意到他们在转换间隔了30分钟以获得付费客户）。所以我很好奇，如何实施限制;

I just used a great PDF Converter, but I noted that they have a 30 minute intermission between conversions (to get paying customers). So I got curious as to how the restriction might be is implemented; and afaik it doesn't seem to be (solely?) cookie-based.

IP地址似乎不太可能（不会阻止整个NATt的组织集体？），使用文件名太钝了。 JavaScript可以生成硬件独特的信息吗？还有什么其他方法吗？

IP-address doesn't seem likely (wouldn't that block entire NATted organizations collectively?), and using filename would be too blunt. Can Javascript generate hardware-unique info these days? What other other ways are there? What is secure, what is easy to implement and what is just rotten?

推荐答案

我认为这里的问题是唯一标识一个客户端的浏览器。

I think the problem here is to uniquely identify a client's browser.

这些天可以生成硬件独有的信息吗？还有什么其他
的其他方法吗？

Can Javascript generate hardware-unique info these days? What other other ways are there?

一个简单的解决方案（可能不是详尽的）不仅仅是Cookie或IP地址，还包含所有可能的参数，例如

A simple solution (may not be exhaustive) I can imagine, is to consider not just the cookie or the ip address but all possible parameters like

• cookies


• / li>
  
• 浏览器详情


• Flash Cookie 和


• 这些信息可以通过Javascript从客户端的浏览器中删除（这些信息在大多数浏览器中已启用，并且大多数网站（如您提及的网站）都需要）例如已安装的插件及其版本。

• cookies
• ip address
• browser details
• flash cookies and
• then those information that can be pulled off from a client's browser via Javascript (which is enabled for most of the browsers and needed by most sites like the one you mentioned) such as plugins installed, their versions.

有了这些信息，我们可以在很大程度上识别互联网上的机器。

With all these information, one can identify a machine uniquely on the internet to a great extent.

什么是安全的，易于实施，只是腐烂？

What is secure, what is easy to implement and what is just rotten?

就我个人而言，我从来没有实现过，但看起来很可行。

Personally, I have never implemented this, but it seems quite doable.

在这个过程中发现的一些有趣的链接短有趣的研究是：

Some interesting links that I found during the course of this short interesting research are:

1. Peter Eckersley。您的网络浏览器有多么独特？在第10届国际隐私增强技术会议（PETS'10）会议上，Mikhail J. Atallah和Nicholas J. Hopper（Eds。）。


2. 如何独特且可追踪的是您的浏览器？




4. 如何唯一标识访问我的网站的计算机？


5. 浏览器指纹代码段


6. Flash Cookie，一个鲜为人知的隐私威胁

1. Peter Eckersley. 2010. How unique is your web browser?. In Proceedings of the 10th international conference on Privacy enhancing technologies (PETS'10), Mikhail J. Atallah and Nicholas J. Hopper (Eds.). Springer-Verlag, Berlin, Heidelberg, 1-18.
2. How unique and trackable is your browser?
3. Is browser fingerprinting a viable technique for identifying anonymous users?
4. How do I uniquely identify computers visiting my web site?
5. Browser fingerprinting code snippet
6. Flash Cookies, a Little-Known Privacy Threat

这篇关于如何识别Web用户上传文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！