
About evercookie - Web Security - 自学php

Source: 自学PHP网    Date: 2015-04-17 15:08


大风起兮云飞扬

This thing is rather sensitive and is a double-edged sword, so I don't want to go into too much detail on the blog.

http://samy.pl/evercookie/

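This is a project that puts a permanent mark on the client. I have written about similar techniques on my blog before, and many ad providers use them heavily.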

Specifically, when creating a new cookie, it uses the following storage mechanisms when available:
- Standard HTTP Cookies
- Local Shared Objects (Flash Cookies)
- Storing cookies in RGB values of auto-generated, force-cached PNGs using HTML5 Canvas tag to read pixels (cookies) back out
- Storing cookies in and reading out Web History
- Storing cookies in HTTP ETags
- Internet Explorer userData storage
- HTML5 Session Storage
- HTML5 Local Storage
- HTML5 Global Storage
- HTML5 Database Storage via SQLite

TODO:
adding support for:
- Silverlight Isolated Storage
- window.name caching
- Caching in HTTP Authentication
- Using Java to produce a unique key based off of NIC info

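For me, the more interesting part is the RGB idea: the cookie is stored in an image and then read back out on the client, and the image is given a very long expiry time (the Expires header, which is used for client-side caching, as opposed to a cookie's expires attribute).
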
/* evercookie 0.3, by samy kamkar, 09/20/2010
*  http://samy.pl : code@samy.pl
*
* This is the server-side variable PNG generator for evercookie.
* If an HTTP cookie is passed, the cookie data gets converted into
* RGB-values in a PNG image. The PNG image is printed out with a
* 20-year cache expiration date.
*
* If for any reason this file is accessed again WITHOUT the cookie,
* as in the user deleted their cookie, the code returns back with
* a forced "Not Modified" meaning the browser should look at its
* cache for the image.
*
* The client-side code then places the cached image in a canvas and
* reads it in pixel by pixel, converting the PNG back into a cookie.
*
* -samy kamkar
*/

ETag
/* evercookie 0.3, by samy kamkar, 09/20/2010
*  http://samy.pl : code@samy.pl
*
* This is the server-side ETag software which tags a user by
* using the Etag HTTP header, as well as If-None-Match to check
* if the user has been tagged before.
*
* -samy kamkar
*/
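
From the defender's side, the PNG mechanism described above leaves two visible traces in HTTP traffic: a 304 answer to a request that carried no validator, and an image whose cache lifetime is measured in decades. The following is an added example, not code from evercookie or from the original post; the function names, the two-year threshold, the paths and the sample exchanges are all assumptions constructed for illustration.

```python
from datetime import timedelta
from email.utils import parsedate_to_datetime

# Assumed threshold: ordinary static assets rarely ask to be cached longer than this.
MAX_LIFETIME = timedelta(days=2 * 365)

def cache_tracking_flags(exchange):
    """Return heuristic flags for one HTTP exchange (dict: status, request, response)."""
    req = {k.lower(): v for k, v in exchange["request"].items()}
    resp = {k.lower(): v for k, v in exchange["response"].items()}
    flags = []
    # A 304 is only meaningful as the answer to a conditional request. The PNG
    # generator's forced "Not Modified" answers a request with no validator.
    conditional = "if-none-match" in req or "if-modified-since" in req
    if exchange["status"] == 304 and not conditional:
        flags.append("forced-304")
    # The generated PNG is served with a 20-year cache expiration date.
    if "date" in resp and "expires" in resp:
        try:
            lifetime = (parsedate_to_datetime(resp["expires"])
                        - parsedate_to_datetime(resp["date"]))
            if lifetime > MAX_LIFETIME:
                flags.append("far-future-expires")
        except (TypeError, ValueError):
            pass  # malformed date header: nothing to compare
    return flags

def scan(exchanges):
    """Return (path, status, flags) for every exchange that raised a flag."""
    hits = []
    for ex in exchanges:
        flags = cache_tracking_flags(ex)
        if flags:
            hits.append((ex["path"], ex["status"], flags))
    return hits

# Constructed sample exchanges (not captured traffic); paths are hypothetical.
SAMPLES = [
    {"path": "/tag.png", "status": 200, "request": {"Cookie": "id=abc123"},
     "response": {"Date": "Fri, 17 Apr 2015 07:08:00 GMT",
                  "Expires": "Tue, 17 Apr 2035 07:08:00 GMT"}},
    {"path": "/tag.png", "status": 304, "request": {}, "response": {}},
    {"path": "/logo.png", "status": 304,
     "request": {"If-None-Match": '"v42"'}, "response": {}},
    {"path": "/site.css", "status": 200, "request": {},
     "response": {"Date": "Fri, 17 Apr 2015 07:08:00 GMT",
                  "Expires": "Sat, 18 Apr 2015 07:08:00 GMT"}},
]

if __name__ == "__main__":
    for hit in scan(SAMPLES):
        print(*hit)
```

Both flags are heuristics: long-lived caching is also used for fingerprinted static assets, so a hit is a reason to inspect the resource, not proof of tracking.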
