远程替代本地存储低安全性用户数据? [英] Remote alternative to local storage for low-security user data?
问题描述
假设您正在开发一个独立的小型网页,用于一个大型常用的网站。
子网页显示公开活动日历中的项目,并允许用户突出那些特别有趣的他们。
但是,建立一个典型的用户注册系统或任何其他在服务器上存储用户突出显示的事件选择的方式不是选项:子模块需要是自包含的,并且需要尽可能少的维护。这是项目的条件之一。
没有构建某种登录系统(我可以看到)的唯一方法是使用cookie或一些其他本地存储(Flash / HTML 5 ....),它有明显和大的缺点,它绑定到计算机,而不是用户。
方式存储几个千字节数据在每个人的基础上,但不必使用登录或openID,我忽略?一个可靠的Web服务可能?
一个键/值存储服务,我传递一个唯一键(用户指定的键)并返回savevalue ,就足够了。没有必要真正的安全 - 有关的数据绝不保密。
OpenID不是一个选项:在网站的观众中不够了解。
Facebook 是一种选择,但我不认为他们提供像这样的存储选项。
用户他们的事件选择作为文本文件下载,也可以上传并变成另一台机器上的Cookie。
我们在我们的网站上有一个类似的系统,其中用户可以将页面添加到计划/愿望清单功能。保存的项目通过Web服务发送并存储在我们的服务器上,并有一个相应的获取Web服务。
我们有一个延迟注册系统。第一次用户保存项目时,系统会要求他们提供电子邮件(但没有密码,因为没有机密信息)。这是散列和使用cookie保存在本地,然后用于设置/获取保存的项目。当用户使用不同的计算机时,他们再次被要求他们的电子邮件。
关键是一个注册和登录是相同的操作,所以没有必要任何密码提醒或任何重置功能。</ p>
Suppose you're developing an independent, small sub-page for a big and well frequented web portal.
The sub-page shows entries from a public event calendar, and allows users to highlight those especially interesting to them. The highlighted events shall be highlighted (and maybe shown on a separate list) on each future visit of that user.
However, building a classical user registration system, or any other way of storing the user-highlighted event picks on the server, is not an option: The sub-module needs to be as self-contained and need as little maintenance as possible. It's one of the conditions of the project.
The only way to do this without building a login system of some sort (as far as I can see) is using cookies or some other local storage (Flash / HTML 5....) which has the obvious and big downside that it's tied to the computer, not the user.
Is there a way of storing a few kilobytes data on a per-person basis, but without having to utilize a login or openID, that I am overlooking? A reliable web service perhaps?
A "key/value" storage service, to which I pass a unique key (one that the user specified) and get the savedvalue in return, would be sufficient. There is no need for real security - the data in question is by no means confidential.
OpenID is not an option: It is not well known enough among the audience of the site.
Facebook would be an option, but I don't think they provide "storage" options like this.
As a workaround, I am contemplating offering the user their event picks as a text file download, that also can be uploaded and turned into cookies on another machine. But that is pretty complicated for the user, and thus not perfect.
We have a similar system on our site, where users can bookmark pages to a planner/wishlist function. The saved items are sent via a webservice and stored on our server, and there is a corresponding get webservice.
We have a 'lazy register' system. The first time a user saves an item, they are asked for their email (but no password, as nothing is confidential). This is hashed and saved locally using a cookie, then used to set/get the saved items. When the user uses a different computer they are again asked for their email.
The key is that a register and a login are the same operation, so there is no need for any password reminders or any reset functionality.
这篇关于远程替代本地存储低安全性用户数据?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
