Tag: detect

Device Fingerprinting

Often it can be beneficial to ‘more’ uniquely identify your users. For applications this is trivial, but in a web browser this can be accomplished via only a few attributes.

  • HTTP – User-Agent, IP Address, Content types and languages accepted.
  • HTTPS/SSL – the keys and encryption methods available to a specific user may vary for each client configuration.
  • HTML5 – local storage and capabilities supported.
  • Geolocation – this is included in HTML5, but also supported in many clients without full HTML5 support, or via browser extensions.
  • JavaScript – Installed version – and many DOM attributes/capabilities such as timezone, installed plugins, screen sizes and fonts from the browser can be detected.
  • Java (Applet) – Installed version – this can often be used to get additional information regarding the client system directly from the VM or Operating System itself. (* Persistent Cookies possible)
  • Flash – Installed version – this can often be used to get additional information regarding the client system directly from the Operating System itself. (* Persistent Cookies possible)
  • Silverlight (for Microsoft Windows) – – Installed version and additional information from Operating System?
  • GoogleGEARS (deprecated) – Installed version and additional information from Operating System such as Geolocation

REFERENCES:

MSIE Conditional Comments

This approach is useful in building standards based websites and allows you to prevent it from being “polluted” by various hacks used to support MSIE. MSIE5 and newer support the use of Conditional Comments and thus allow the developer to include additional files or markup for specific versions of the browser. Other browsers will see the content as an HTML comment and thus ignore it.


<!--[if IE]><style type="text/css">@import "/css/IE=Fixes.css";</style><![endif]-->
<!--[if lt IE 5.5000]><style type="text/css">@import "/css/IE50Fixes.css";</style><![endif]-->
<!--[if IE 5.5000]><style type="text/css">@import "/css/IE55Fixes.css";</style><![endif]-->
<!--[if IE 6]><style type="text/css">@import "/css/IE60Fixes.css";</style><![endif]-->
<!--[if IE 7]><style type="text/css">@import "/css/IE70Fixes.css";</style><![endif]-->
<!--[if IE 8]><style type="text/css">@import "/css/IE80Fixes.css";</style><![endif]-->
<!--[if IE 9]><style type="text/css">@import "/css/IE90Fixes.css";</style><![endif]-->
<!--[if lt IE 7]><script type="text/javascript" src="/wiki/skins/common/IEFixes.js"></script><![endif]-->

REFERENCES:

Detecting browser SSL capability with JavaScript

If you run a secured website using HTTPS (aka SSL) it’s often wise to stop or notify users that are using a browser or client that doesn’t support the proper encryption level required.

Here’s a short method to “sniff” the capabilities prior to forwarding users to the secure area. You could add logic to inform the user of the problem.

As usual I’ve stripped a lot of the XHTML markup for readability.

<html>
<head>
<!– set ‘sslok’ global variable for testing SSL capability –>
<script type=”text/javascript”>
<!–
var sslok = 0;
//–>
</script>
<!– try including source javascript from secure server, this will set “sslok” to 1 if it works –>
<!– note that the /secure directory is protected so that only 128+bit SSL is allowed –>
<script type=”text/javascript” src=”https://www.example.com/secure/ssl-test.js”></script>
<!– if ssl is 1, our javascript include worked, so SSL is successful – redirect to SSL –>
<script type=”text/javascript”>
<!–
if (sslok == ‘1’) {
window.location = ‘https://www.example.com/secure’;
}
//–>
</script>
</head>
<body>
</body>
</html>

Contents of the ‘ssl-test.js’ file:

<!– set sslok to 1, so we know this include succeeded –>
sslok = ‘1’;

NOTE: If you use the same ‘filesystem’ for HTTP & HTTPS you might want to use a server-side program (PHP or Java for example) to generate the JavaScript.  Benefit of that process would be that you could also interrogate and return other SSL attributes such as cypher strength.

Cheers!