Thread: How to be sure that only my application can interact with my server

  1. #1

    Thread Starter
    Addicted Member
    Join Date
    Dec 2005
    Posts
    198

    How to be sure that only my application can interact with my server

    Hi,

    I'm developing a client/server application. If I know for sure that only my client can interact with the server, I can avoid a lot of business logic in my server since I can assert that all received data has the right format and type.
    So, I'd like to know if there is some standard way to let the server know that the client which is trying to connect is the right one.
    I have thought of some kind of private handshake, but the trouble I see here is that if someone takes the ildasm tool, they will see how the client implements the handshake, so it'll be easy then to replicate the behaviour to cheat the server.
    What would you recommend?

    Cheers.

  3. #3
    opus
    I don't do your homework!
    Join Date
    Jun 2000
    Location
    Good Old Europe
    Posts
    3,863

    Re: How to be sure that only my application can interact with my server

    Even with encryption a copied message could be re-sent by someone else.
    It all depends on how deep you want to go.
    A pretty much safe approach would be to store the mac-address of the allowed user, and only accept messages from such a user. If you enter the allowed mac-address-list manually there would be no way to intercept that.

  4. #4
    cicatrix
    PowerPoster
    Join Date
    Dec 2009
    Location
    Moscow, Russia
    Posts
    3,654

    Re: How to be sure that only my application can interact with my server

    Say, you have implemented some protocol.
    Imagine, the server issues a challenge, client responds, server authenticates.
    I.e.
    Server: HELLO
    Client: CLIENT #1
    Server: LOGIN/PASS?
    Client: *****/*****
    Server: OK

    Then you encrypt everything with some encryption algorithm. Every new message looks different even if it contains the same data.
    Additionally, to lessen the risk of re-sending a captured message, the server can count messages and add the count number to the decryption key (client should do the same):

    i.e., the first time the server issues a challenge with the password: PASSWORD0 and transmits some random number, i.e. 252
    client replies with an encrypted message with: PASSWORD252
    server asks for authentication with: PASSWORD252 and transmits a new random number, i.e. 348
    client replies with PASSWORD348, etc.
    What I mean is that each new message can be encrypted with a different key.
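
As an added example (not code from any poster in this thread), here is the challenge/counter scheme cicatrix describes, with both sides in Python. It swaps "encrypt with PASSWORD plus number" for an HMAC over the server's random nonce, a per-client message counter and the payload, because a MAC is what actually lets the server check who sent a message and whether it was altered; the shared key, client id and payload are constructed for the demo. Note that it proves possession of the key, which is the same secret the thread starter worries can be read out of the client with a disassembler, so it stops replays and forgeries by anyone without the key, not a modified copy of the client.

```python
import hashlib
import hmac
import secrets

# Constructed demo key: in practice each client gets its own provisioned secret.
SHARED_KEY = b"demo-shared-key-not-for-production"

def mac(key, nonce, counter, payload):
    # Bind the server's nonce, the message counter and the payload together.
    msg = f"{nonce}|{counter}|".encode() + payload
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class Server:
    def __init__(self, key):
        self.key = key
        self.pending = {}    # client_id -> nonce of the outstanding challenge
        self.last_seen = {}  # client_id -> highest counter accepted so far

    def challenge(self, client_id):
        # Fresh random nonce per exchange: a captured response is useless later.
        nonce = secrets.token_hex(16)
        self.pending[client_id] = nonce
        return nonce

    def verify(self, client_id, counter, payload, tag):
        nonce = self.pending.pop(client_id, None)  # each challenge is single-use
        if nonce is None:
            return False  # no outstanding challenge: straight replay
        if counter <= self.last_seen.get(client_id, 0):
            return False  # stale or repeated counter: replay of an earlier message
        if not hmac.compare_digest(mac(self.key, nonce, counter, payload), tag):
            return False  # wrong key or modified payload
        self.last_seen[client_id] = counter
        return True

class Client:
    def __init__(self, key):
        self.key = key
        self.counter = 0

    def respond(self, nonce, payload):
        self.counter += 1
        return self.counter, payload, mac(self.key, nonce, self.counter, payload)

if __name__ == "__main__":
    server, client = Server(SHARED_KEY), Client(SHARED_KEY)
    reply = client.respond(server.challenge("client-1"), b"GET balance")
    print("first message accepted:", server.verify("client-1", *reply))
    print("replayed message accepted:", server.verify("client-1", *reply))
```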

  5. #5

    Thread Starter
    Addicted Member
    Join Date
    Dec 2005
    Posts
    198

    Re: How to be sure that only my application can interact with my server

    About mac-address, my application will be (at least I hope so) a high-volume app, so there's no way to do it with mac-address.
    The client needs to implement the encryption algorithm, isn't that a security hole considering disassembler tools?
