2011年06月的文章

关于evercookie

这东西是把双刃剑,看你怎么用了

http://samy.pl/evercookie/
这其实就是一个给客户端打上永久标记

Specifically, when creating a new cookie, it uses the following storage mechanisms when available:
     - Standard HTTP Cookies
     - Local Shared Objects (Flash Cookies)
     - Silverlight Isolated Storage
     - Storing cookies in RGB values of auto-generated, force-cached
        PNGs using HTML5 Canvas tag to read pixels (cookies) back out
     - Storing cookies in Web History
     - Storing cookies in HTTP ETags
     - Storing cookies in Web cache
     - window.name caching
     - Internet Explorer userData storage
     - HTML5 Session Storage
     - HTML5 Local Storage
     - HTML5 Global Storage
     - HTML5 Database Storage via SQLite
 
    TODO: adding support for:
     - Caching in HTTP Authentication
     - Using Java to produce a unique key based off of NIC info

关于web用户识别的一些东西

需要捣鼓一个能用户识别的东西(说白了就是用客户端打上个标识,在后期的应用中能够识别出这个客户端),在部分特殊应用下,用途大大的好,以后可能会用得更多。这里先自己记录些东西

Anehta的水印(Watermark)机制
http://www.x-woods.com/tutorial/sharedobject.swf
http://onedear.cn/entry/evercookie1.html
http://onedear.cn/entry/evercookie2.html
http://onedear.cn/entry/evercookie3.html

还有些做这一块的厂商:
ThreatMetrix(alibaba有在用)
Arcot被CA收购了