• You can try using a tracking cookie; note however that such mechanisms are considered transient (e.g. cookies can be erased). In-browser JavaScript is sandboxed so that it does not have access to components outside the page. Note also that any feeling of security you'll gain with JavaScript is illusory - the script runs on the client side, where it can be modified (therefore there's no way to tell whether the "unique" piece of data is genuine or faked) or disabled altogether.

• If you're trying to prevent random people from hacking at your app, you may want to ban them after a certain number of failed attempts. This will not get you any security, it's more of a flytrap - it limits the annoyances somewhat.

• Finally, if you want actual security, go for HTTPS with real (NOT self-signed) server certificates and client-side certificates- see e.g. thisfor an implementation (that example, however, uses self-signed server certificates, which is not very secure). This is a mechanism that is well-implemented in the browser itself, and provides you with a somewhat secure system (complete with a secure keystore) of identifying your users (as opposed to a fundamentally flawed JS "security", or relying on user-readable files). Oh, and your data is encrypted while on the wire, that's a bonus.

• 您可以尝试使用跟踪 cookie；但请注意，此类机制被认为是暂时的（例如，cookie 可以被删除）。浏览器内的 JavaScript 是沙盒化的，因此它无法访问页面外的组件。另请注意，使用 JavaScript 获得的任何安全感都是虚幻的 - 脚本在客户端运行，可以在客户端进行修改（因此无法判断“唯一”数据是真实的还是伪造的）或完全禁用。

• 如果您试图阻止随机人员入侵您的应用程序，您可能希望在尝试失败一定次数后禁止他们。这不会给你任何安全，它更像是一个捕蝇草 - 它在某种程度上限制了烦恼。

• 最后，如果您想要实际的安全性，请使用具有真实（非自签名）服务器证书和客户端证书的HTTPS - 例如，请参阅此实现（但是，该示例使用自签名服务器证书，这不是很安全的）。这是一种在浏览器本身中实现良好的机制，并为您提供了一个稍微安全的系统（配有安全的密钥库）来识别您的用户（与根本上有缺陷的 JS“安全性”相反，或者依赖于用户）可读文件）。哦，您的数据在传输过程中是加密的，这是一个奖励。

SSL actually does what you're asking for: verifies that the client machine has a certificate issued to that user. This mechanism works inside the browser, not just inside the webpage; thus, it is much harder to subvert this than an in-page JavaScript. It stores a large unique identifier (clientside certificate) in a secure way, and it can proveto the server that it actually has that identifier - which is pretty much your initial requirement.

SSL 实际上可以满足您的要求：验证客户端计算机是否具有颁发给该用户的证书。这种机制在浏览器内部起作用，而不仅仅是在网页内部；因此，与页内 JavaScript 相比，颠覆它要困难得多。它存储在一个安全的方式大量唯一标识符（客户方证书），它可以证明到它实际上有标识的服务器-这是相当多的初始需求。

(Incidentally, using SSL, the data will be protected in transit, and the client can validate the server's identity; those weren't your requirements, but they're more or less necessary to assure that you're actually talking to the real client and real server)

（顺便说一句，使用 SSL，数据将在传输过程中受到保护，并且客户端可以验证服务器的身份；这些不是您的要求，但它们或多或少是确保您真正与真实客户端交谈的必要条件和真正的服务器）

JavaScript within a Web browser executes within a sandbox and has no access to the underlying hardware. Besides, MAC addresses aren't guaranteed to be unique.

Web 浏览器中的 JavaScript 在沙箱中执行，无法访问底层硬件。此外，不能保证 MAC 地址是唯一的。

No. And you shouldn't implement security with JavaScript only as any competent developer with Firebug will get around it in no time.

不。而且您不应该只使用 JavaScript 实现安全性，因为任何有 Firebug 的有能力的开发人员都会很快解决它。