Newbie question.
I'm trying to make a mobile site using html5's geolocation (I know technically it's a separate spec, but still) to identify user's current position and post that to a web service which then does something. Basically a browser version of Four Square.
Is there anyway that I can verify that the user is really at that location? I want to prevent someone from making something, say a console app, that sends fake lat/long to the service.
Any suggestion is welcome, even if it doesn't get me there 100%. Thanks, SO community!
The short answer is no. All you can know for sure is where the browser claims to be. A sufficiently determined user could fake this.
A feature like this is really best used for convenience, not for security.
Ask the user to take a photo of the area, and compare that with Google Street View images near their stated location.
Or no. You might be able to get location information from DNS LOC (RFC1876), which might be accurate to within a few tens of kilometres, and only then if the DNS information is also accurate.
Yes - I know there is because GoWalla (available for free at the iPhone app store) requires a user to be at a given location before checking-in.
Unfortunately I'm not familiar with how they did this.
Related
I want to make a website about sharing locations. But I couldn't find how to get user's location. This will be free application so I don't want to pay Google or anything else. I will use the python 3.x so there is no js.If it's free I will be very happy.
Functionality such as geolocation requires the use of JavaScript. The feature you are looking for is the Geolocation JavaScript API.
Python cannot do in the browser what JavaScript can do. They are used for completely different things in the context of websites. Python can be used on the backend, but to add most dynamic functionality on the frontend, you need JavaScript.
The only way to figure out a user's location, without directly asking them, is by their IP.
I found python-geoip through a quick Google search, which seems to offer what you're looking for.
Other than that, you could use HTML forms to actually ask the user their location, which doesn't require any JavaScript, just HTML, and then process that information on the backend.
I want to be able to achieve the same thing as you do with hosts but using a chrome plugin. I'm not sure if theres one available.
Essentially, I want to point a url to a specific IP address that's not listed on the web. I don't want to use the hosts file because I want to make this as easy as possible for my clients.
Is there a plugin out there or a solution that is contained within a web browser?
This is DNS:
I want to point a url to a specific IP address
However, this:
that's not listed on the web.
causes questions. You could generate random names in DNS to obfuscate what you're doing, but anything you present as a client based solution where the client doesn't have to do this work will need to be translated, whether you reinvent the wheel from scratch or use a solution that's already available.
I would like to publish an app in google play, but I want to restrict the downloading under password or something like that. Is it possible? Is there any alternative?
Many thanks in advance,
Short Answer:
No.
Slightly Long Answer:
Applications available on Google Play cannot be downloaded only after a user authenticates. Any such feature will have to be implemented withing your application. At best, if this feature is needed for monetary reasons, publish a paid application.
Since the OP isn't descriptive beyond what you are looking for as a feature, it will be difficult to suggest an option / alternative that might suit your requirement. However, if you have a server setup that can communicate with the app, you can implement a feature which requires users, upon installation and running your app, to Sign Up for a new account and/or Login if already registered.
Again, I will circle back to the original point. Any such feature will have to implemented within the application itself. Google Play does not have such a feature.
I know that GeoLocating requires elevated trust from the user in order to get the location.
Is that part of the standard?
Is the trust level elevation part of the standard?
Which features requires user permission?
do i need to give permission for each feature seperately? or is it "trust-mode" on/off ? can the website keep the permission? or is it just per session?
I'm just starting to get ino HTML 5 myself, so I am going to try to answer as best I can. From what I understand it is not necessarily an "elevated trust" (sounds alot like Microsoft UAC term). Its more of a "granting of permission" for a site to access the user's location.
W3C - http://dev.w3.org/geo/api/spec-source.html#security
The API defined in this specification is used to retrieve the geographic location of a hosting device. In almost all cases, this information also discloses the location of the user of the device, thereby potentially compromising the user's privacy. A conforming implementation of this specification must provide a mechanism that protects the user's privacy and this mechanism should ensure that no location information is made available through this API without the user's express permission.
The way each browser implements this is up to the browser maker (ie google, microsoft, mozilla). For instance chrome will ask for permission for a domain and save that domain in a list of sites that can access the geo location feature. This works in the same way a pop up blocker has a list websites that are ok to "allow pop ups from".
So, I guess its hard to answer your question becuase it depends on the browswer and how those features are implemented.
Is that part of the standard? Is the trust level elevation part of the standard?
Kind of, yea. The standard says to implement some kind of a mechanism.
Which features requires user permission?
Sorry can't say for certain regarding this becuase I am not familiar enough will all the features of the standard. But I am pretty sure that access hardward like camera will be included in this list.
Do i need to give permission for each feature seperately? or is it "trust-mode" on/off?
I would think so, but this again will depend on the browswer makers "implementation" of the standards.
Can the website keep the permission? or is it just per session?
This would also depend on the browser, I can tell you that Chrome keeps a list once permission is granted (at least for geo location). You can then remove the permission later. I am not sure if they it is the same for other features with crhome.
Hope it helps.
I have a page that is just a non interactive display for a shop window.
Obviously, I don't link to it, and I'd also like to avoid people stumbling across it (by Google etc).
It will always be powered by Chrome.
I have thought of...
Checking User Agent for Chrome
Ensuring resolution is 1920 x 1080 (not that useful as it is a client side check)
Banning under robots.txt to keep Google out of it
Do you have any more suggestions?
Should I not really worry about it?
Not that I would EVER recommend what I'm about to suggest - how about filtering by IP address. Since you provider IP is rarely going to change you can use Javascript to kick out or deny requests from IP addresses other than yours. Maybe a clean redirect to http://www.google.com or something silly like that. Although I would still suggest locking it down with a login and password and just have it write a never expiring cookie. That's still not a great idea but a shy bit better than the road your trucking down right now.
You could always limit the connections by IP address (If you know it ahead of time/it's reliable):
Apache's access control
If it is just for a shop window, do you even need access to a web page?
You can host the file locally.
Personally, I wouldn't worry about it, if no-one is linking to it externally it is unlikely to ever be found by search engines.