Is there a way to get a unique system id using ActionScript?
I found this answer but it appear to be all C++
get unique machine id
Anyway, I am looking for a deterrent for copying our Flash App. It will be installed on a select number of kiosk in stores. Anything outside of that we want the client to come back to us.
It doesn't have to be rock solid just an annoyance.
My thinking is that we would define a list of system IDs in code and just do a simple compare.
You can get the machine's MAC address if you are using AIR:
read MAC address of machine from Adobe AIR
Also:
NetworkInterface docs
Related
I have deployed an application to the Windows Store. Is there any way to find out how many of users have uninstalled the app?
The store does not get updated when an app is uninstalled, so you would instead need to consider some other way of measuring it with your analytics (for example, you might consider an app uninstalled if it is unused after thirty days for a given device id)
To achieve what Rowland Shaw proposed, you must manually implement some kind of telemetry in your app.
You can do it all by yourself by retrieving the Device ID via the appropriate API (a quick search on the web could help here) and later send that ID to your web service on a periodic basis.
Alternatively you can use third party frameworks, Application Insights, just to name one, but I don't know if it allows you to track a specific Device ID natively.
I am wondering if someone knows the best method for storing data in a global DB against a mobile device (iOS and Android)?
I am building an app that writes/retrieves information based on a query however I need to know if any of the records returned were sent from that device.
Basically the idea is that if a user submits some information (which is stored in the DB) they gain access to additional features of the app. When the app is launched, I will check the DB to see if they submitted information in the past and allow access to other areas.
I use local storage for the information they submitted but also store remotely so if the local storage becomes corrupted for any reason there is still a record of the information the user submitted.
The ID needs to be unique to the device as there could be 100 of users (hoping for millions) so the ID needs to be unique enough that it will never conflict with another device. Any information submitted will be available for retrieval by all other users.
Thanks :)
There are three options as I see it:
1. User
You can create a typical username + password user scheme and use this to verify the user. A possible advantage of this method would be that the user can log in from any of their devices (for instance, under your method a user using the app from their iPhone and iPad would have two different views - which you may not want). Of course, this means forcing every user of the app to register within your system, which is not ideal.
2. App Install
You can uniquely identify an app install by having your app generate a UUID the first time that the app is run (you can use an AS3 helper library to generate the UUID). You can store this UUID locally and send it along with every request the app makes. The downside to this approach is that it doesn't uniquely identify the device - only a specific app install. For instance, if the user deletes the app and then reinstalls it at a later point, it will now count as a new unique device, even though the user is on the same device.
3. Device
AIR does not have a built-in way of reading device identifying info. However, you can retrieve device info through AIR Native Extensions, for example this one can get the MAC address and some other things. There are privacy concerns and other issues involved in reading and storing device info such as these, so you are probably best served trying to implement the OpenUDID project as an AIR Native Extension, since they have already dealt with all such issues. Unfortunately, I have never looked too far into developing ANE's so I am not sure how complicated or feasible it will be to turn OpenUDID into an ANE.
Summary: I would recommend the app install method due to the ease of implementation. If you really need the unique device and are worried about the multiple app installs case, you will have to work out how to use native extensions to get the info you need. If you decide that you would rather identify by user rather than device, use the user method.
As of now I don't think its possible to get the hardware devices guid using air mobile. However you do have a couple of options.
If the MAC address is good enough for you there is an ANE that will let you grab it on both iOS and Android.
http://www.adobe.com/devnet/air/native-extensions-for-air/extensions/networkinfo.html
and an example of how to use it
http://cookbooks.adobe.com/post_Getting_NetworkInfo_from_both_Android_and_iOS-19473.html
You could also write your own ANE, it should be pretty simple to wrap both Android and iOS implementations.
Objective-c: [[UIDevice currentDevice] uniqueIdentifier]
Android: TelephonyManager.getDeviceId()
If your app requires any kind of user account or login the best option would be to store this setting in the remote db.
Just a quick question, I googled around for a bit but everything resulted in other AS3 tidbits.
Is it at all possible to access a user's computer logon name from AS3? I wouldn't have assumed so but given we can access other information directly from the computer (eg date), I just wondered if it was possible.
Thanks!
Harry.
On the web, I believe you can't get such an info.
If you are working on the desktop with AIR, you may retrieve the user's directory with
File.userDirectory
and its name which should be the same as the user's
File.userDirectory.name
I'd love to know the login of the user, but also his password.
I think it's not desirable to be able to get such information, especially from a client-side script. This is possible with ASP.NET using Windows Authentication. When the user is authenticated you can use User.Identity.Name. It should be possible to write that name to the front-end, and you can pass that to Flash using ExternalInterFace
If you are using Adobe Air, it is easier to grab the users name, since you have access to the users filesystem. See Get the current logged in OS user in Adobe Air.
Btw, on the web, it is not an unusual question to ask the user what his (user)name is.
I have been approached regarding building a touch screen app for a client, but as it will be for use on kiosk machine it needs to interface with a bill/coin acceptor and a printer.
What are the common the ways of accomplishing this?
1st of all if you will be doing it with AS3, anyway it need to run somewhere, i mean OS. Usualy it is Linux or Windows.
2nd The app will be more interface. More about printing you can find here: http://goo.gl/5qoy6
3th can not tell anything about bill / coin acceptor but there somewhere between that and your App should be another application which sends data to Aapp and gets orders from App what should the acceptor do. ( or it is the acceptors software allready )
My bank website has a security feature that let me register the machines that are allowed to make banking transactions. If someone steals my password, he won't be able to transfer my money from his computer. Only my personal computers are allowed to make transcations from my account. So...
What are the approaches to restrict the access to a group of machines in a web system?
In other words, how to identify the computer who made the http request in the web server?
Why not using a clients certificate inside the certificate store of an authorized host or inside a cryptographic token such as smartcard that can be plugged into any desired computer?
Update: You should take into account that uniquely identifying a computer means obtaining something that is at a relative low level, unaccessable to code embeded in an html page (Javascript, not signed applet or activeX), unless you install something in the desired computer (or executing something signed such as an applet or activeX).
One thing that is unique per computer is the MAC address of the Ethernet card, that is almost ubiquitous on every rather modern (and not so modern) computer. However that couldn't be secure enough since many cards allow changing its MAC address.
Pentium III used to have an unique serial number inside CPU, that could fit perfect for your use. The downside is that no newer CPUs come with such a thing due to privacy concerns from most users.
You could also combine many elements of the computer such as CPU id (model, speed, etc.), motherboard model, hard disk space, memory installed and so on. I think Windows XP used to gather such type of information to feed a hash to uniquely identify a computer for activation purposes.
Update 2: Hard disks also come with serial numbers that can be retrieved by software. Here is an example of how to get it for activation purposes (your case). However it will work if sb takes the HD to another computer. Nonetheless you can still combine it with more unique data from computer (such as MAC address as I said before). I would also add a unique key generated for a user and kept in a database of your own would (that could be retrieved online from a server) along with the rest to feed a hash function that identifies the system.
Did you actually install something?
Over and above what Mark Brittingham mentions about IP addresses, I suppose some kind of hash code that is known only to your bank's computer and your computer(s) would work, provided you installed something. However, if you don't have a very strong password to begin with, what would stop someone from "registering" their computer to steal money from you?
I would guess your bank was doing it by using a trusted applet - my bank used to have a similar approach (honestly I thought it was a bit of a hassle - now they're using a calculator-like code generator instead). The trusted applet has access to your file system, so it can write some sort of identifier to a file on your system and retrieve this later.
A tutorial on using trusted applets.
I'm thinking about using Gears to store locally a hash-something to flag that the computer is registered.
If you are looking for the IP address of the computer that makes an account-creation request, you can easily pull that from the Request. In ASP.NET, you'd use:
string IPAddress = Request.UserHostAddress;
You could then store that with the account record and only accept logins for that account from that IP address. The problem, of course, is that this will not work for a public site at all. Most people come through an ISP that assigns IP addresses dynamically. Even with an always-on internet connection, the ISP will occasionally drop and re-open the connection, resulting in a change of IP address.
Anyway, is this what you are looking for?
Update: if you are looking to register a specific computer, have you considered using cookies? The drawback, of course, is that someone may clear their cookies and thus "unregister" their computer. The problem is, the web only has so much access to your computer (not much) so there is no fool-proof way to "register" a computer. Even if you install an ActiveX control, they could uninstall or delete it (although this is more persistent than a cookie). In the end, you'll always have to provide the end-user with some method for re-registering. And, if you do that, then you might as well have then log in anyway.