问题
I am writing a very specific web-app that will be deployed on many desktops within a retail environment and I am trying to figure out a way to implement a terminal-like license structure. Clients will purchase X terminal licenses and since the applications runs through Chrome I am looking for a way to generate a hash of the information local to the machine.
I have had a look at a few options already:
1.) Evercookie. I'm not mad about it, it adds quite a delay when generating and loading and just isnt really elegant. We have this working at the moment.
2.) Device fingerprinting (as per https://panopticlick.eff.org/browser-uniqueness.pdf), but since we will be dealing with many terminals in an AD controlled environment they would all represent as one since they have the same configurations/version and be behind a single NAT device.
My next option is to look at creating a plugin that is required to be installed to run our application and it looks at the local machine and gets me a few key information fields (like Hostname, Mac Address) which should remain more constant than browser version and screen size and allow that to be fetched via JavaScript within the plugin/extension.
So my question is can anyone confirm if this is possible? If so, what is the right way to go about figuring out how to do this? I have had a brief look at FireBreath (http://www.firebreath.org/display/documentation/FireBreath+Home), but not sure what the right route is here.
Any advice will be greatly appreciated.
Ian
回答1:
You could do this using a private FireBreath plugin inside a chrome extension; be sure that it's private, so other sites, etc can't use it to uniquely identify computers.
First of all, to do this you'd just use standard system APIs for accessing whatever information you need; FireBreath plugins are just C++, and in Chrome there isn't anything special you should need to worry about, you'll have the same access as Chrome itself does.
I also strongly recommend that you only expose the hash itself through the plugin API to minimize privacy concerns; the more information you expose about the computer the higher the chance that someone will find some way to abuse it. If it's a private plugin inside an extension it is less dangerous, but still worth being careful.
来源:https://stackoverflow.com/questions/15354496/create-a-chrome-plugin-to-get-computer-information