简体繁体 English

可以使用拇指扫描仪登录Web应用程序吗？

[英]Possible to use thumb scanner to login to web application?

原文 2010-07-06 19:53:10 9 1 php/ security/ login

Is it feasible to allow users to login to my web application (php/mysql) using thumb scanner? 允许用户使用拇指扫描仪登录我的Web应用程序（php / mysql）是否可行？ USB scanners seems available and not too expensive, but has anyone got experience with it? USB扫描仪似乎可用而且不是太昂贵，但有没有人有经验呢？ How to make it work with php so users instead of filling in regular username/password fields would actually be able to login by scanning thumb. 如何使它与PHP一起工作，所以用户而不是填写常规的用户名/密码字段实际上可以通过扫描拇指登录。 Are there any opensource/relatively cheap solutions available? 有没有开源/相对便宜的解决方案？ So far I found http://www.m2sys.com/ which looks pretty decent but is a bit expensive, considering I would need to provide initially ~400 users with scanners and all that. 到目前为止，我发现http://www.m2sys.com/看起来相当不错，但有点贵，考虑到我需要提供最初~400用户的扫描仪等等。

1 个解决方案

This would be quite a bit less secure than what they're normally used for, though it could be useful. 这比通常使用的安全性要差一些，尽管它可能很有用。

You would have to write a client-side app that could communicate with the scanner, or some way for the scanner to get the fingerprint data and then pass that to the server. 您必须编写可以与扫描仪通信的客户端应用程序，或者某种方式让扫描程序获取指纹数据，然后将其传递给服务器。

However, this is where you really want (need) to do some security. 但是，这是您真正想要（需要）做一些安全性的地方。 You don't want to just send someone's fingerprint across the internet - that's like sending a password in plain text. 你不想只是通过互联网发送某人的指纹 - 就像用纯文本发送密码一样。 Now anyone who was listening can tell you the fingerprint data and hey! 现在，任何正在倾听的人都能告诉你指纹数据，嘿！ logon! 登录！

A "better" way would be to have a client-side app that reads the scan data, performs some type of fingerprint analysis, then encrypt either that data or a hash and then send that information across the net. “更好”的方法是使用客户端应用程序读取扫描数据，执行某种类型的指纹分析，然后加密该数据或散列，然后通过网络发送该信息。

It's probably a lot more difficult to do a secure bio-key authentication in this scenario - there are others in which it's a better fit. 在这种情况下进行安全的生物密钥身份验证可能要困难得多 - 还有一些更适合。 User/pass pairs are ubiquitous so that everyone is used to them (and 90% of your users probably use the same pair everywhere they go), and security to keep them confidential is fairly robust and relatively simple. 用户/通行对无处不在，所以每个人都习惯了（并且90％的用户可能在他们去的地方使用相同的对），并且保密他们的安全性相当强大且相对简单。 That's what I'd stick with - it's easier for you, and easier (more familiar) for your users. 这就是我所坚持的 - 它对您来说更容易，对您的用户来说更容易（更熟悉）。