Imagine a website that uses Google Gears as a storage mechanism for various application-level data. This data is intermittently replicated with a server using asynchronous web service calls while the application is active.
The problem lies in the subscription monitoring mechanism. Imagine a subscription system for this service based on unique PCs. How does a web service uniquely identify a PC (or more specifically a web browser) that is synchronising data with it?
My natural first idea was storing a GUID in the local database per machine and sending it off with the request, but if one looks at the Google Gears storage documentation, one discovers that the database is unencrypted and can easily be tampered with (attaching to the SQLite file is all that is required and can be accomplished using various tools).
What I’ve been thinking recently is: surely there is some way to calculate a signature that is repeatable per machine yet unique using only JavaScript? So far an implementation of this has eluded me (if only navigator.userAgent.uniqueID existed – although it wouldn’t do much for privacy).
My last thought is obviously to write an ActiveX control and Firefox plugin to provide this functionality, but this would be a huge pain in the ass...
Any insights would be appreciated.
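
One way to handle the tampering concern with a GUID kept in the unencrypted local database, as an added example that is not part of the original post: the server issues the identifier together with an HMAC tag, so an edited value is rejected, and keeps a per-identifier sync counter, so a copied database shows up as a counter mismatch. All names here (`issueToken`, `verifyToken`, `sync`, `SERVER_SECRET`) are hypothetical, and the code assumes a Node.js server whose secret never reaches the browser.

```javascript
// Added example: server-side helpers (Node.js). All names are hypothetical.
const nodeCrypto = require("node:crypto");

// Assumption: a secret that exists only on the server, never in the browser.
const SERVER_SECRET = nodeCrypto.randomBytes(32);

function mac(id) {
  return nodeCrypto.createHmac("sha256", SERVER_SECRET).update(id).digest("hex");
}

// Issued once at subscription time. The browser stores the whole string in
// its local (unencrypted) database and sends it with every sync call.
function issueToken() {
  const id = nodeCrypto.randomUUID();
  return `${id}.${mac(id)}`;
}

// Returns the id if the token is untouched, otherwise null.
function verifyToken(token) {
  const parts = String(token).split(".");
  if (parts.length !== 2 || !parts[0] || !parts[1]) return null;
  const expected = Buffer.from(mac(parts[0]), "hex");
  const given = Buffer.from(parts[1], "hex"); // bad hex yields a short buffer
  if (given.length !== expected.length) return null;
  return nodeCrypto.timingSafeEqual(given, expected) ? parts[0] : null;
}

// The tag stops edits, not copies: a token copied to another machine still
// verifies. A server-side counter per id makes the two copies diverge.
const lastCounter = new Map();

function sync(token, counter) {
  const id = verifyToken(token);
  if (id === null) return { ok: false, reason: "tampered" };
  const expected = lastCounter.get(id) ?? 0;
  if (counter !== expected) return { ok: false, reason: "clone-suspected" };
  lastCounter.set(id, expected + 1);
  // The client stores nextCounter and presents it on its next sync.
  return { ok: true, nextCounter: expected + 1 };
}
```

The counter tells the server that two copies of one identifier exist, not which copy is the legitimate one; what to do on a mismatch (for example, forcing re-registration) is a policy decision.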