大风起兮云飞扬
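This is a fairly sensitive topic and a double-edged sword, so I don't want to go into too much detail on the blog. http://samy.pl/evercookie/ is a project that puts a permanent mark on the client. I have written about similar techniques on this blog before, and many advertising providers use them heavily.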
Specifically, when creating a new cookie, it uses the following storage mechanisms when available:

- Standard HTTP Cookies
- Local Shared Objects (Flash Cookies)
- Storing cookies in RGB values of auto-generated, force-cached PNGs using HTML5 Canvas tag to read pixels (cookies) back out
- Storing cookies in and reading out Web History
- Storing cookies in HTTP ETags
- Internet Explorer userData storage
- HTML5 Session Storage
- HTML5 Local Storage
- HTML5 Global Storage
- HTML5 Database Storage via SQLite

TODO: adding support for:

- Silverlight Isolated Storage
- window.name caching
- Caching in HTTP Authentication
- Using Java to produce a unique key based off of NIC info

For me, the more interesting idea is the RGB one: the cookie is stored in an image and then read back out on the client, and the image is given a very long expires time (the Expires header, which controls client-side caching and is different from a cookie's expire attribute).

/* evercookie 0.3, by samy kamkar, 09/20/2010
 * http://samy.pl : code@samy.pl
 *
 * This is the server-side variable PNG generator for evercookie.
 * If an HTTP cookie is passed, the cookie data gets converted into
 * RGB-values in a PNG image. The PNG image is printed out with a
 * 20-year cache expiration date.
 *
 * If for any reason this file is accessed again WITHOUT the cookie,
 * as in the user deleted their cookie, the code returns back with
 * a forced "Not Modified" meaning the browser should look at its
 * cache for the image.
 *
 * The client-side code then places the cached image in a canvas and
 * reads it in pixel by pixel, converting the PNG back into a cookie.
 *
 * -samy kamkar
 */

ETag

/* evercookie 0.3, by samy kamkar, 09/20/2010
 * http://samy.pl : code@samy.pl
 *
 * This is the server-side ETag software which tags a user by
 * using the Etag HTTP header, as well as If-None-Match to check
 * if the user has been tagged before.
 *
 * -samy kamkar
 */
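
A defender-side check for the two cache-based mechanisms described above (the force-cached PNG and the ETag tag), as an added example that is not part of the original post or of evercookie: it compares the same URLs fetched from two fresh, cookie-less browser profiles and reports resources whose ETag or long-cached body differs per client. The capture format, paths, body hashes and function names are assumptions made for illustration.

```javascript
// Added example: audit a capture of HTTP exchanges for cache-resident identifiers.
// Assumption: every entry was recorded from a fresh browser profile, headers lower-cased.
const get = (h, name) => (h || {})[name];
function lifetimeDays(res) {
  // Cache lifetime from Cache-Control max-age, else Expires minus Date.
  const m = /max-age=(\d+)/i.exec(get(res, 'cache-control') || '');
  if (m) return Number(m[1]) / 86400;
  const ms = Date.parse(get(res, 'expires')) - Date.parse(get(res, 'date'));
  return Number.isNaN(ms) ? 0 : ms / 86400000;
}

function auditCapture(capture) {
  const byUrl = new Map();
  for (const x of capture) {
    const u = byUrl.get(x.url) ||
      { etags: new Set(), bodies: new Set(), days: 0, bare304: false };
    byUrl.set(x.url, u);
    if (x.status === 200) {
      if (get(x.res, 'etag')) u.etags.add(get(x.res, 'etag'));
      u.bodies.add(x.bodyHash);
      u.days = Math.max(u.days, lifetimeDays(x.res));
    }
    // The forced "Not Modified" pattern: validator sent, no cookie, 304 returned.
    if (x.status === 304 && get(x.req, 'if-none-match') && !get(x.req, 'cookie'))
      u.bare304 = true;
  }
  const findings = [];
  for (const [url, u] of byUrl) {
    const vectors = [];
    if (u.etags.size > 1) vectors.push('per-client-etag');
    if (u.bodies.size > 1 && u.days > 365) vectors.push('per-client-cached-body');
    if (vectors.length)
      findings.push({ url, vectors, days: Math.round(u.days), bare304: u.bare304 });
  }
  return findings;
}

// Constructed capture: two fresh profiles fetching the same hypothetical paths.
const ex = (url, status, req, res, bodyHash) => ({ url, status, req, res, bodyHash });
const D = 'Mon, 20 Sep 2010 00:00:00 GMT', FAR = 'Fri, 20 Sep 2030 00:00:00 GMT';
const CAPTURE = [
  ex('/logo.png', 200, {}, { etag: '"v7"', 'cache-control': 'max-age=86400' }, 'h1'),
  ex('/logo.png', 200, {}, { etag: '"v7"', 'cache-control': 'max-age=86400' }, 'h1'),
  ex('/tag', 200, {}, { etag: '"id-1001"' }, 'h2'),
  ex('/tag', 200, {}, { etag: '"id-1002"' }, 'h2'),
  ex('/tag', 304, { 'if-none-match': '"id-1001"' }, {}),
  ex('/px.png', 200, {}, { date: D, expires: FAR }, 'pA'),
  ex('/px.png', 200, {}, { date: D, expires: FAR }, 'pB'),
];
```

Resources reported here survive a cookie wipe because the identifier lives in the HTTP cache, so clearing the browser cache (or partitioning it per site) is what removes them.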