1

Im trying to identify a PC to check on the amount of login attempts.

At the moment im using code to identify the IP address of the PC.

It works well, but if you are using a dynamic IP of you encounter a bot that changes its IP every second or two, it wont work.

Here is the current code

<script type="application/javascript">
    $(document).ready(function() {
        $.getJSON("http://www.telize.com/jsonip?callback=?",
            function(json) {
                myIP = json.ip;
            }
        );
    });
</script>

Is there some other unique address or code that I can grab? (like MAC address, but I know that is not allowed.)

morne
  • 4,035
  • 9
  • 50
  • 96
  • 2
    You mean you want *the client* to provide an id to count the number of login attempts ? This isn't how you do security. – Denys Séguret Aug 14 '14 at 07:15
  • you should do security checks on server side not client side – Ergec Aug 14 '14 at 07:16
  • Okay, thats good, but then I dont have a clue I guess. Do you have a link that I can read up on this please. – morne Aug 14 '14 at 07:16
  • But is there a way to get some uniqueness from a local PC? – morne Aug 14 '14 at 07:17
  • http://stackoverflow.com/questions/1420381/how-can-i-get-the-mac-and-the-ip-address-of-a-connected-client-in-php – Ergec Aug 14 '14 at 07:19
  • @mornenel There's no really good solution. Blocking on the IP is the best bet if you really must limit login attempts (you probably shouldn't). Somebody trying to crack your server may even not use a browser. – Denys Séguret Aug 14 '14 at 07:21

1 Answers1

2

No device or browser can return a unique Id. It would be a means of security breach. None the less it is a great question and many apps create a uuid that is stored on the device so that it can be identified, if at least on their server.

This is how you do it

http://jsfiddle.net/dq5oy6w2/1/

var uuid=function(){
var u = 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g,
function(c) {
var r = Math.random() * 16 | 0,
v = c == 'x' ? r : (r & 0x3 | 0x8);
return v.toString(16);
});
return u;
}


var getDeviceId = function(){
var current = window.localStorage.getItem("_DEVICEID_")
if (current) return current;
var id = uuid();
window.localStorage.setItem("_DEVICEID_",id);   
return id;
}

document.getElementById("deviceid").innerHTML=getDeviceId();

Here i use localStorage, it's fast reliable but the user can clear it on most devices. If you want something more robust, consider indexedDB or WebSql -both are harder in some respects to clear.

Since you have the ip on the server you could pass this id in your server call, and have the IP as a fallback, if you store this uuid with the IP, on your server: you could have a means of replenishing the client, if it looses the uuid. But that may restrict multiple devices on one IP.

MartinWebb
  • 1,998
  • 1
  • 13
  • 15
  • Yes, this can definitely be useful. Great answer. – morne Aug 14 '14 at 07:54
  • It's a great Question. Something everybody finds the need to do with modern style web and mobile apps. Using the right strategy you can get a near enough bullet proof solution, but it will shape depending on your specific need, the above code is the start point it gets you a robust UUID and keeps it on the device. – MartinWebb Aug 14 '14 at 07:56