3

I'm developing an app for my company, and for security reasons I can only allow certain devices to use it. On Android I'm getting the device uuid, so I can uniquely identify it and allow it access to the platform (serverside validation of this uuid). I'm also developing the very same app as a web-app, and for the same security reasons I need to allow only certain pcs to access the platform (even if I'm validating access with username/password, but it's the requirement my boss gave me). So, how can I generate a version 1 uuid using javascript or jQuery? Is it even possible? All I need is a uuid that will be the same everytime I generate it on the same machine.

PS: I can't rely on generating a random uuid and storing it, since my app clears localStorage AND the user can errase cookies.

Christian Rodriguez
  • 630
  • 1
  • 8
  • 24
  • You can use [fingerprint](https://github.com/Valve/fingerprintjs2). – Patrick Roberts Jul 01 '16 at 17:23
  • By the way, the real answer is that you can't do this without a browser extension or plugin. JavaScript doesn't have direct access to any hardware identification, but what fingerprint does is create a uuid based on a combination of browser feature detection and the user agent string. If you're willing to consider a browser-specific extension though, I do have an answer. – Patrick Roberts Jul 01 '16 at 17:30
  • canvas font fingerprinting (not a list of fonts, but the actual rendering of different text on different systems) works very well and is preserved though most config changes, unlike environ profiling. – dandavis Jul 01 '16 at 18:11
  • also, i wouldn't puch too much faith in any serial number: the client can manipulate that before it gets to your server, so if that's the only ID, it's trivial to act as other users and steal info. – dandavis Jul 01 '16 at 18:12
  • Thanks @PatrickRoberts Sure! An extension for chrome should be fine! – Christian Rodriguez Jul 01 '16 at 19:04
  • Thanks @dandavis, I'll give it a try to canvas fingerprinting. I need the uuid to remain the same even on config changes. – Christian Rodriguez Jul 01 '16 at 19:04
  • the ones that use plugin lists and navigator properties seem to consider that updating your browser or installing a font means the device is a new one. rendering fingerprinting uses intrinsic machine properties. as a privacy advocate, i think it's an abomination, but it's out there... – dandavis Jul 01 '16 at 19:11
  • Since this is a link-only answer for now, I'll leave it as a comment until I have time to make a full answer. You can use the [Chrome Native Message API](https://developer.chrome.com/extensions/nativeMessaging) to communicate between your extension (which you will have to write) and a [C++ file to obtain a machine's MAC Address](http://wxwidgets.info/cross-platform-way-of-obtaining-mac-address-of-your-machine/). Keep in mind you will need to [edit the C++ file in order to be compatible with Chrome's native message API](http://stackoverflow.com/a/35060349/1541563) – Patrick Roberts Jul 01 '16 at 19:30
  • For now it's working well with fingerprintjs2, but I'll need to test for changes in configuration and such. @PatrickRoberts please submit your answer to accept it (as soon as I'm done testing, here's hoping not as long as Chell) ;) – Christian Rodriguez Jul 01 '16 at 21:10

0 Answers0