I have developed a site for use on my company's intranet. You can not access the site from outside of the network.
Asking users to log-in pretty much means they won't use it as logging in is seen as cumbersome. I am trying to find the most seamless way of grabbing some identification.
I used Javascript and Chrome to develop the site. I would like to have a way to grab a computer name or windows user name or something that will uniquely identify the user. A chrome extension would work.
I understand ethical issues with an application on the internet doing this, but this is for internal use only.
Related
I'm trying to develop a feature for my own website that detects the specific devices that are accessing to my page and from which browser are entering my registered users. Something similar to what the telecommunications companies do i.e. Orange in Europe or Netflix. For instance:
For identifying the devices I tried to get the MAC of the user who is accessing to relate that MAC address to my user. But the only solutions that I found only work in Internet Explorer and allowing some features of that browser.
For instance :
https://programming.vip/docs/three-methods-for-js-to-obtain-client-ip-address-mac-and-host-name.html
In the second place, getting the browser seems easier with property user-agent (Javascript and PHP) and only in Javascript with Navigator feature. But I don't know if it's the best solution out there.
Thanks in advance.
I'm currently developing a web app that allows users to add a list of websites that they want to block i.e. preventing them from accessing the website from their browser.
Ideally I want to be able to block websites on every browser but this is difficult, so I narrowed my research to just Chrome for now. I came across the chrome.webRequest api which seems promising but it specifically says its for chrome extensions and am unsure if it would work for my web app.
Can anyone point me in the right direction for blocking websites on a web app, ideally using javascript. Any help is much appreciated!!
EDIT:
1) I forgot to mention that I'm using firebase for my backend.
2) People have been saying that I can't block websites outside the web apps scope, if I instead used electron to make the web app a desktop application would it then be possible?
Firstly you have a database containing URL of blocked websites. URLs are modified using your web app. That's one part. Now your problem is how to make the browser work with your database.
The only possible way for you to share blocked URLs with the browser is via API. You must have API that can communicate outside your web app.
Now browsers such as chrome/firefox give users the power to make changes inside and outside the dom. For chrome, you have chrome extension where Google provides API so the users can manipulate actions outsides regular actions such as manipulating dom. An example I can give that is closely related to your subject matter, which is an action activated before/after a user enters URL on the search box and for that, we use the following API from https://developer.chrome.com/extensions/webRequest
And it's same for Firefox.
I was entering my Google account recently and noticed that not only did it say which browser I was currently using - it also knew the exact name of the computer I was using. How is Google able to fetch these informations?
I have been browsing the internet for javascript methods that should give me computer name or similar - but I am sure that Javascript is not able to read these data. If for anything, the site should maybe contain a small java application that executes and fetches the data, but that would usually require for me to accept that java is running in the browser by clicking a modal opening box.
Then I thought maybe they executed some C code in the browser - but how do they do it and access data outside the browsers "sandbox"? A third theory I have is that when I installed the Google Chrome browser, it was able to pass along these details - but it didn't make sense neither when I note that it also knows my iPads exact name though I haven't installed any google applications on my ipad at all. (neither google maps, gmail, chrome or anything).
UPDATE 01/25/2016
I have given this some extra thought and seemed to stumble across something else. I went through possible solutions using node.js or Flash to do the same, but I recalled that Google writes everything in Python, which made me think if it was simple enough using Python. I found this post: How can I use Python to get the system hostname? and thought that this might be a way for Google to it. I don't know if this is still achievable when you are writing a website and if this is a browser-based method as well (mind you I am not Python programmer at any level).
I did some testing. I have 2 Google accounts, and what I found was that on my main account (which I use with Chrome), Google knows my computer name. On another account, I am logged in with Edge and Firefox, but neither of them show my computer name. It was not until I logged into the Chrome browser ITSELF (not the Google page) as a Chrome user that my second Google account showed the browser I was using.
I verified this on my laptop: I logged in with my second account into the Google website on a new user, which didn't update the computer name on either device in the security settings. Once I logged into the Google Browser with that account, it showed my computer name. So it looks like because you're logged into Google Chrome, Google knows your computer name.
Note that Google using a sandbox does not make any difference for this. It is trivial to find your computer name, all it takes is hostname in a command prompt.
the problem here is if there was a way to get dekstop name though headers that means the browser has that info and if it has there will definitely be some way of getting the name from javascript but there is not i support the above answer that the google uses some sync bad habits or it may be that it stores the ip address which btw we can get with headers this might be the case as with tokens and this ip address thing ddos attacks will be quite easier to deal with so this ip address storing might be true but still its just a guess
Because when you connect to Google they install cookie in your compputer for they know your information and for say you are alerady come here its Like ID Installor
Cookie its file (ID) when you connect to site, the site use this file for know if you alerady came here or not and they can get all your infos: IP, Computer Name, Access To WIFI I thing and create special and unique ID on your pc
that are why they know your computer name
I don't know you still want to know that or not but anyway,
Every requests that browser sends to loading every pages on the web has some headers, and this headers has some information about browser, referral url and etc..
The important one in this case is "User-Agent" header which includes information about browser, OS and few more information.
You could access the browsers User-Agent string using Java Script in client side via:
navigator.userAgent
and even in server side programming languages like PHP and ASP and etc.. .
This is and example User-Agent string of Safari browser on Macintosh Device:
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/7046A194A
Also you can get yourself User-Agent string and all of analysed datas here
I'm planning to make a login system by USB, so if you put in a USB-drive and open a specific webpage, the website asks the USB-drive for the code (e.g. by a JavaScript file, a redirect or something like that).
The problem is, because of sandboxing, you can't load or redirect to local files. I don't know a solution for this problem. Can you guys help me? I don't need specific code, just an example or something in that way.
Maybe you can read up on USB-HID. Wikipedia:
The USB human interface device class (USB HID class) is a part of the USB specification for computer peripherals: it specifies a device class (a type of computer hardware) for human interface devices such as keyboards, mice, game controllers and alphanumeric display devices.
Here are some references:
USB HID (Human Interface Device)
node-hid - Access USB HID devices from node.js
DepthJS: 'Allows any web page to interact with the Microsoft Kinect using Javascript'.
A related Stackoverflow question:
Write data to USB HID using Javascript, HTML5, or any cross platform language (supports Android)
One other possibility is to check out the Chrome HID (Human Interface Device) APIs:
Interacting with USB HID devices from web apps – via Chrome Apps, see below
Relevant Chrome API docs
Please note that for the time being, you cannot interact directly with the USB device (i.e. you cannot access any WebAPI offering that kind of fine-grained control).
Building a Chrome App (different from a Chrome Extension) may help; This article may point you in the right direction, since it also provides sample code.
The only way I can think of is putting a html file on the usb stick that essentially generates some sort of login token and gives you a link or a form to a login processor. You can then access the webpage by opening the local file first which will redirect you to the actual webpage.
This local script may include a javascript from the server to get some challenge-response-data which it hashes somehow (perhaps in combination with a password) and puts it into the form data.
Web PKI authentication from Modern Browsers may be achieved by using Browser Extension. One such extension is Signer.Digital browser extension. Use below Javascript promises from the APIs provided by Signer.Digital extension.
SignerDigital.getSelectedCertificate() to register user's certificate
SignerDigital.signHash(hash) to sign token at browser and verify at server
For all Javascript APIs refer to SO Answer https://stackoverflow.com/a/63173083/9659885
Disclaimer : I work for a company supporting the application below
Hello, you may try to use Nexu open-source application for communication with smartcards or USB tokens. It also support PKCS 12 keystores.
For example, the application is connected to the DSS webpage on the website of European Commission : see the link.
Synopsis: I am developing a HTML5 web app that will allow tablets(iPad or Droid) to login to a server and perform various functions. The client would like a way to check the devices mac address when logging in. From what I have read, most solutions use activex objects that will not work for webkit browsers.
Question: Does anyone know a solution that would hook into a HTML5 web app seamlessly(Idealy update a hidden form element with the value upon logging in)?
Thanks!
I don't think there's going to be a straightforward way to do this. The web server won't be exposed to a client's MAC address unless they're on the same physical segment...you'll only see the MAC from the most recent router hop in general.
If anything exists, it's going to be a browser plugin (show-stopper on iOS). And it would probably need more than the default permissions available (I don't suspect you can enumerate network interfaces in Java, for example, without asking for elevated permissions).
If you're looking for HTML/JS only then I don't think that this is possible. It won't be exposed.
The problem is that the packets you recieve back will only contain the MAC address of the node on the last hop.
This may be possible via a plugin, but then this limits you on iOS, and possibly also Android as you'd need to provide them a way of getting the plugin first (unless you used a plugin that was installed by default).
Edit: Not that I support an app for every little thing, but it shows that easy to press app buttons sometimes tend to do better than web apps (regardless of being able to make browser shortcuts to home screens). If it is suitable, you could consider loading this within a web view on the target device from within an app, from which you can then of course access MAC addresses and whatever else you may need.
MobiThinking: Mobile applications: native v Web apps – what are the pros and cons?
Forbes: Mobile Web App vs. Native App? It's Complicated