Possible to grab hardware ID with Java applet?

I want to grab a hardware ID with a java webapplet. Is this doable? If not, is there any web language I can do this with to help with a more secure authentica开发者_C百科tion?

You can use any one approach as described below:

1. Use Signed Java Applet to load some JNI compatible shared library and get your job done.

   public NativeHelloApplet() {
   AccessController.doPrivileged(new PrivilegedAction() {
       public Object run() {
       try {
           System.load(System.getProperty("user.home") +"/libhello.so");
           displayHelloWorld();
       }catch(Exception e) {
           e.printStackTrace();
       }
       return null;
       }
   });
   

   }

2. Use VB Script embedded in your web-page. Here is a sample:

   Use the Win32_SystemEnclosure class, and the properties SerialNumber and SMBIOSAssetTag.

   strComputer = "." Set objWMIService =
   GetObject("winmgmts:" _
   & "{impersonationLevel=impersonate}!\\"
   _
   & strComputer & "\root\cimv2") Set colSMBIOS = objWMIService.ExecQuery _
   ("Select * from Win32_SystemEnclosure") For Each
   objSMBIOS in colSMBIOS
   Wscript.Echo "Part Number: " & objSMBIOS.PartNumber
   Wscript.Echo "Serial Number: " _
       & objSMBIOS.SerialNumber
   Wscript.Echo "Asset Tag: " _
       & objSMBIOS.SMBIOSAssetTag Next
   

3. Design plug-in for every browser of your interest and collect data using them. MS uses this for Authenticated Software checking with FireFox.

Feel comfortable to let me know if you want to know more. That case, I shall write on my blog at http://puspendu.wordpress.com/

You can get a general idea of What Applets Can and Cannot Do, including access to certain system properties. In particular, unsigned applets "cannot load native libraries," which would probably be required for any kind of hardware identification.

If not, is there any web language I can do this with to help with a more secure authentication?

The issue is not strength of authentication. Rather it is whether a web language running in the user's browser should allow remote web services to access the user's hardware, files, etc. The answer is an emphatic "NO IT SHOULD NOT" ... unless the user implicitly grants permission by either installing a trusted plugin or a certificate.