javaservletshardware-idsystem-identification

Can hardware information by obtained on a device that interacts with a Java servlet?


Is a way to gather hardware information to uniquely identify a certain device (not a category) that makes requests to a Java servlet ? I searched for this, but I don't think there is a method ( "user agent" header can be used for some information, but that only identifies a certain set of devices and it is not enough).


Solution

  • This information is not available anywhere in a HTTP request. The remote address (client IP) and the user agent (the string which the browser pretend to be) are the closest unique identifiers you can ever extract based on a HTTP request. Even then, this information is not reliable. The client can for instance use an anonymous proxy. The client can for instance have changed the browser's user agent string.

    You basically need to collect this information in the client side and then send it to the server side as request parameters yourself. You're in turn however limited in the available ways to collect this information. JavaScript for example doesn't allow this due to security reasons. Your closest bet is a signed(!) Java Applet or Web Start application. This allows you to let the client download some Java code and execute it locally. But this is also not always reliable. The client can for instance hack the applet/webstart code and/or tamper the HTTP traffic between the applet and the server.

    Another way is to just introduce a registration/authorization/authentication system wherein the client need to supply an unique identifier itself by a valid login. This is not only simpler, but also more robust.