I want to get the client's information from the server side using servlet. This information can be used to identify the client. This idea is similar to installing new software and it requires the user to agree the terms in order to continue installing the software. I'm not sure what kind of information they get but in my case, I need some information which can identify the client. I'm not good at hardware specification but as I know that we can use Mac Address, HDD serial, CPU ID and some information of client such as user account...(if possible) to identify the client since these values are unique.
Firstly, I thought that the getProperties in System class can do that but then I recognized that what it gets is the server's information. Do you have any idea about this? Could you please give me some advices? Thanks a lot!
Additionally, a lot of the information that you can get from the methods of HttpSerlvetRequest will be of limited value.
For instance, a company could have a subnet with multiple people sharing the same IP number. If your user has a DHCP connection, their IP could change each time they access your application.
On the other end, some of your clients might want to access your app from multiple computers (desktop PC in the office, laptop when on the road, home machine).
If you try to tie their account to one particular machine you could run into problems with these people.
As we know that on the internet environment, it's very difficulty to verify a user whether that he is the exact person that he stated to be (password, certificate....can be the solution but they can be steal on the internet and they are not really bind to the user).
Just to make you aware, the hardware is not a "silver bullet". If you've ever looked into device discovery software you'll see it tends to have a scoring mechanism to identify if one device is the same as another. Why do they do this? The hardware spec. (and software spec.) of a PC sitting in a big organisation will be very similar to the PC sitting next to it, and the tens of thousands of other PCs dotted throughout the organisation. How do you tell that a PC is a different PC, or a piece of hardware (or some other detail) has been changed in that PC? I'd be annoyed if I was locked out a site because (say) techical support has increased the memory on my machine. And as technical support, I'd be looking for a new job if I had to respond to requests for fixing access problems that involved picking through a hardware spec. to find out what (if anything) had changed.
There are pretty secure mechanisms out there that require the user to identify themselves. OK, not 100% fool proof, but (depending how they are implemented) good for the vast majority of uses. If your application needs to be really secure do what the banks do: buy yourself a private network, put it in a secure building and deploy it there.
I'm sorry for my persistence and my stupid question. I still wonder that can we use java applet combining with servlet to get this information?