Imagine a site that uses google mechanisms as a storage mechanism for various application-level data. This data is periodically replicated on the server using asynchronous webservice calls while the application is active.
The problem is the subscription monitoring mechanism. Imagine a subscription system for this service based on unique PCs. How does a web service uniquely identify a PC (or, more specifically, a web browser) that synchronizes data with it?
My natural first idea was to store the GUID in the local database on the machine and send it with the request, but if you look at the documentation for storing gears google, you will find that the database is unencrypted and can be easily faked (attachment to file sqllite is all that is required and can be done using various tools).
What I was thinking about recently is surely something to figure out a signature that repeats on one machine, but is unique, using only javascript? So far, the implementation of this has eluded me (if only navigator.userAgent.uniqueID existed), although he would not have done much for privacy).
The final thought is to explicitly write an ActiveX control and a firefox plugin to provide this functionality, but it will be a huge pain in the ass ...
Any ideas would be appreciated.
source
share