在iOS上唯一安全地标识用户
[英]Uniquely and safely identify a user on iOS
问题描述
I'm having an iOS app where I want users to rate specific things with a rating from 1 to 5. It is meant to work without login. 
我有一个iOS应用,希望用户对特定的事物进行评分,评分为1到5。这意味着无需登录即可工作。
The thing is that I want to identify each user uniquely so that nobody can abuse the system and rate for the same thing twice and/or just spam the server with fake ratings. 事实是,我想唯一地标识每个用户,以便没有人可以滥用该系统并对同一事物进行两次评级,并且/或者只是对服务器进行虚假评级。
So I need a identifier which is 所以我需要一个标识符
- Unique (A user should not be rejected to vote because the system thinks he already voted) 唯一的(不应该拒绝用户投票,因为系统认为他已经投票了)
- Recoverable after reinstall (To prevent "Reinstall and revote") 重新安装后可恢复(以防止“重新安装并撤消”)
- Validatable (To prevent some mass requests to the server with some fake identifiers and just spam ratings) 可验证的(为了防止向服务器发送大量带有假冒标识符和垃圾邮件等级的请求)
I know that it is impossible! 我知道这是不可能的! to make this safely and if some smart guy/girl really wants it, he can break the system. 为了安全地做到这一点,如果某个聪明的男人/女孩真的想要它,他可以破坏系统。 But I want some safe as possible system for me to identify the user. 但是我想要一个尽可能安全的系统来识别用户。 Also, it can break the whole system when someone starts to spam ratings and I can't control it. 此外,当有人开始对垃圾邮件进行评级并且我无法控制它时,它可能会破坏整个系统。
Also I've thought about only asking the user for the e-mail and generate a password from the device. 我还考虑过只询问用户电子邮件并从设备生成密码。 So the user only has to input his E-Mail address and then the device is connected to that e-mail address. 因此,用户只需输入他的电子邮件地址,然后将设备连接到该电子邮件地址。 Maybe using the MAC-Address? 也许使用MAC地址? But then again this one is changeable, too. 但是话说回来,这个也是可以改变的。
I know that the following attributes will not work: 我知道以下属性将不起作用:
- IP-Address (It is easy to change it and! is changing a lot. Also it is not unique) IP地址(很容易更改,而且更改很多。而且它不是唯一的)
- UUID (It is not validatable. Someone can just generate some random X-length numbers) UUID(无效)。有人可以生成一些随机的X长度数字)
- https://developer.apple.com/library/ios/documentation/UIKit/Reference/UIDevice_Class/index.html#//apple_ref/occ/instp/UIDevice/identifierForVendor (it is not fullfilling 2. and 3.) https://developer.apple.com/library/ios/documentation/UIKit/Reference/UIDevice_Class/index.html#//apple_ref/occ/instp/UIDevice/identifierForVendor (未填充2.和3.)。
Identifying anonymous users did not help me really. 识别匿名用户并没有真正帮助我。
So what can I try to use? 那么我可以尝试使用什么呢? A combination of all of these? 所有这些的结合? Is there some guide on how to calculate these kind of authentication-tokens? 是否有一些有关如何计算这类身份验证令牌的指南?
Answers like "Nobody will try to hack your app you retard" or "Your app sucks anyway" are not welcome, since this is also a scientific question. 不欢迎您回答“没人会尝试破解您延迟的应用程序”或“反正您的应用程序很烂”之类的答案,因为这也是一个科学问题。
1 个解决方案
解决方案1
0 2015-09-18 09:53:24
You can send Vendor ID along with the ratings of that user. 您可以发送Vendor ID以及该用户的ratings 。 If any user rates, try to check in database server whether this Vendor ID exists or not. 如果有任何用户评分,请尝试在数据库服务器中签入此供应商ID是否存在。 If exists, promote message that "You already rated". 如果存在,则提示“您已经评分”的消息。 In short, you can use Vendor ID to uniquely identify particular user. 简而言之,您可以使用供应商ID来唯一标识特定用户。
Here is how you can get Vendor ID: 这是获取供应商ID的方法:
NSString *udid = [[[UIDevice currentDevice] identifierForVendor] UUIDString];
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.