detect a specific device

[Paolo Valleri]

Hi all,

I'd develop a web2py responsible app instead of an android app; at a first sight it seams to some extent feasible. The only issue is related to an unusual requirement, the web2py app (running on an intranet) must be accessible only from well defined devices (android tablet). If needed I can, let say, 'customize' the android tablet. 

What can I do in order to satisfy this requirement? Be aware that the simplest trick you have in mind should be fine because the app runs in an intranet; given that I don't foresee malicious attacks or any kind of hack.

Regards

Paolo

[Leonel Câmara]

I guess you can use something like:

    request.user_agent().is_tablet and request.user_agent().dist.name == 'Android'

[paolo....@gmail.com]

Hi, 

what you posted can be a starting point but it is not enough because it doesn't guarantee that a different android tablet has been purchased. 

The requirement is, only a well defined set of tablets can access the webapp.

 Paolo

2014/1/14 Leonel Câmara <leonel...@gmail.com>

I guess you can use something like:

    request.user_agent().is_tablet and request.user_agent().dist.name == 'Android'

--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to a topic in the Google Groups "web2py-users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/3Q7izsidMXM/unsubscribe.
To unsubscribe from this group and all its topics, send an email to web2py+un...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Dave S]

On Tuesday, January 14, 2014 11:05:17 AM UTC-8, Paolo Valleri wrote:

Hi, 

what you posted can be a starting point but it is not enough because it doesn't guarantee that a different android tablet has been purchased. 

The requirement is, only a well defined set of tablets can access the webapp.

Can you require a token on the tablet?  Perhaps the browser can pass that the way it does a cookie.  I'd look at making a token that's basically a wrapper of a cert or perhaps encrypt the device's serial number (SN) with the associated key?

/dps

[Willoughby]

You need to specify what is a 'well defined device'...
Even a MAC address can be spoofed.

[Niphlod]

this is an architectural problem: what does the device send to your app to be able to identify it ?
If it's a webapp and it is accessed via the browser, and there are no running bits on the device itself speaking to your webapp, then the headers and the env are the only thing you can rely onto (fortunately, browsers are fully isolated).

Hello, authentication (or fixed ip address)!

[paolo....@gmail.com]

hi, thanks everyone for the answers

@Willoughby I don't think the mac address is sent/received in an http request, isn't ?

@dave your suggestion is in the right direction but how can you automatically tells the browser to send this token?

@niphlod authentication is not enough, an user can still use his/her credentials to log in in a different tablet, ip address would work but it is too intrusive for an already present intranet.

Following @dave suggestion, I thought about a cookie that never expire, the first time the tablet start the 'a setup app' stores the cookie on both the client browser and in the server, however I'm not convinced this solution would work either; the 'setup app' is not foresee at all. I've to verify if there're ways to pre-install the cookie in the tablet?

 Paolo

2014/1/14 Niphlod <nip...@gmail.com>

[Ricardo Pedroso]

More food for thoughts...

I think I would go with a small android native app built around the
android WebView control and, the easy way,
hardcode a token or a pair of username/password to do a basic/digest auth.

Going native you can also get the device id and make use of it.


Ricardo