Using a Client>Server>Client Architecture, I have built a chat system, and would like to share it with you all!
I'd like to ask your help to see where potential problems (including abuses and exploits from clients) could lie.
Couple notes... The way I'm sending the user's info seems hackish to me... I assume you can't begin communicating between the computers until .Accept ID is called, correct? Basically, I'm relying on command messages (i.e. "/ver") being passed to and from the server to "validate" the client, but say someone wanted to use my source to build their own client: they could pretty easily get around these checks, no? I.e., I think the way the code is now, if the client just ignores the commands and treats them like common chat messages, the server could crash, behave wrongly, etc. I need a way to DEMAND that the client respond in a certain way, and if it doesn't, disconnect. I keep on thinking of a timer, but that seems a little hackish to me. Here is the code... please rip it to shreds, constructively, so that we all may learn!
For testing, you need to have a server running (server.exe), and at least 2 chat clients (client.exe), the server having port 10101 naked to the clients.
Tell me what errors/problems/vulnerabilities you find, and if you have the knack, suggest solutions.
Please don't post here about errors you have created yourself within the code... I am not responsible for damage caused by your recoding of the program. As far as I am aware... there are no major errors, and the program does not change your computer in any way.
REQUIRES: Microsoft winsock control, obviously.
Tested in XP; check for me if it'll work in other Windows OSes too!
Last edited by EntityReborn; Sep 22nd, 2008 at 05:34 PM.
If I have helped you out, be a pal and rate the helpful post!
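One way to make the server demand the "/ver" reply and disconnect otherwise, as an added sketch that is not the poster's code: a per-connection state object whose `feed` would be called from the data-arrival handler and `tick` from a periodic timer. The reply format `/ver <version>`, the timeout, the line limit and the version strings are assumptions.

```python
import time

HANDSHAKE_TIMEOUT = 5.0       # seconds allowed for the reply (assumed)
MAX_LINE = 512                # longest accepted line in bytes (assumed)
SUPPORTED_VERSIONS = {"1.0"}  # hypothetical version strings


class Session:
    """Server-side state for one accepted connection."""

    def __init__(self, now=None):
        now = time.monotonic() if now is None else now
        self.deadline = now + HANDSHAKE_TIMEOUT
        self.validated = False
        self.closed_reason = None  # set once the server drops the client
        self.buffer = b""
        self.outbox = ["/ver"]     # challenge queued right after accept

    def tick(self, now):
        """Call from a periodic timer: drop clients that never answered."""
        if not self.closed_reason and not self.validated and now > self.deadline:
            self.closed_reason = "handshake timeout"

    def feed(self, data):
        """Call when bytes arrive; returns the chat lines safe to relay."""
        relay = []
        if self.closed_reason:
            return relay
        self.buffer += data
        while b"\n" in self.buffer:
            raw, self.buffer = self.buffer.split(b"\n", 1)
            line = raw.rstrip(b"\r").decode("utf-8", "replace")
            if len(raw) > MAX_LINE:
                self.closed_reason = "line too long"
            elif self.validated:
                relay.append(line)
            else:
                # First line must be the handshake reply, never chat text.
                cmd, _, arg = line.partition(" ")
                if cmd == "/ver" and arg in SUPPORTED_VERSIONS:
                    self.validated = True
                else:
                    self.closed_reason = "bad handshake"
            if self.closed_reason:
                return relay
        if len(self.buffer) > MAX_LINE:  # unterminated flood
            self.closed_reason = "line too long"
        return relay
```

Answering the challenge shows only that the peer speaks the protocol, not that it is the original client.exe, so the server still has to validate every later message on its own side.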