How to prevent the use of non-certified client applications by my server?

I am currently writing a couple of client-server applications. I recently came across the question: "How can I prevent someone from writing their own client application and using our server?" I really did not have an answer to this question, because all the secure-communication work I have done so far has been to provide encryption of messages between the client and the server. This is a departure from that line of thinking: how can I ensure that the client application on the other end is the client application I want to talk to (and not someone pretending to be my client application)?

Does anyone have reasonable thoughts on doing this?

+3
4 answers

You cannot provide such a thing. The only thing the server sees is communication, and if the other client application behaves exactly like your client application, you cannot see the difference.

Why is it important that only your own client application can talk to your server? If it is a matter of security, then your security design is wrong. The simple fact is that the client application can never be trusted by the server, even if it is your own client application.

+3

It is difficult to answer without knowing more about what your server is doing and who the clients are. But there are several options:

0




0


Embed a serial number, and a key unique to that serial number, in your application (client and server). Then, when the client connects and sends its serial number, the server computes a challenge and sends it to the client (using the known key). When the client receives the challenge, it must reply with a response that it computes from the challenge using its internal key.

-1
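The challenge-response scheme the answer above describes, written out as an added illustration that is not from the original thread; the serial numbers, keys and function names are made up here, and HMAC-SHA256 is assumed as the keyed function.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: a per-serial key table as the answer above describes.
# In a real deployment the keys live in a server-side store, not in source code.
CLIENT_KEYS = {
    "SN-0001": bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0" * 2),
    "SN-0002": secrets.token_bytes(32),
}

def server_make_challenge() -> bytes:
    """Fresh random nonce per session, so a captured response cannot be replayed."""
    return secrets.token_bytes(32)

def client_respond(key: bytes, challenge: bytes) -> bytes:
    """Client side: prove possession of the key without sending it (HMAC-SHA256)."""
    return hmac.new(key, challenge, hashlib.sha256).digest()

def server_verify(serial: str, challenge: bytes, response: bytes) -> bool:
    """Server side: recompute the expected response for this serial and compare
    in constant time. An unknown serial fails the same way as a bad response."""
    key = CLIENT_KEYS.get(serial)
    if key is None:
        return False
    expected = hmac.new(key, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)

def handshake(serial: str, client_key: bytes) -> bool:
    """Run one full exchange; returns True when the server accepts the client."""
    challenge = server_make_challenge()
    response = client_respond(client_key, challenge)
    return server_verify(serial, challenge, response)

if __name__ == "__main__":
    print(handshake("SN-0001", CLIENT_KEYS["SN-0001"]))  # genuine client: True
    print(handshake("SN-0001", b"x" * 32))               # wrong key: False
    # Caveat from the first answer: whoever extracts SN-0001's key from the shipped
    # binary gets the same True, so this authenticates a key, not a program.
```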

Source: https://habr.com/ru/post/1714208/

