All geek questions in one place

How to provide HTTP download from an authentic executable

We are now creating our own Windows application (MFC) that will load some data into our web application. The Windows application will allow the user to log in and after that periodically will upload some data to our web application. Download will be via a simple POST HTTP address to our web application. I have a problem: how can we guarantee that the download really came from our application, and not because of curls or something like that. We are probably looking at some kind of public / private key encryption. But I'm not sure if we can somehow simply embed the public key in our win app executable file and do with it. Or will it be too easy to extract and use this public key outside of our application?

In any case, we create both sides (client and server), so almost everything is an option, but it should work through HTTP (S). However, we do not control the execution environment of the win (client) application, and the user who runs the application on his system is the only thing that can win by playing the system.

+3
source share
4 answers

Ultimately, it is impossible to prove the identity of the application in this way when it runs on a machine that you do not have. You can insert keys, play with hashes and checksums, but at the end of the day, anything that relies on code running on someone else's machine can be fake. Keys can be extracted, the code can be programmed in the reverse way - all this is safe through obscurity.

, , - , . - .

+9

, , HTTPS . WinHTTP.

, - win app .

, .

?

, , , , , .

, , . , , , . Blizzard , , .

+2

, . , . , . DRM .

, MAC- , , .

, . , , , .

+2

, , - 2 - 1, , , HTTP (S), .

If I understand correctly, the data is sent automatically after the user logs in - it sounds as if only part of the service is needed.

0
source

Source: https://habr.com/ru/post/1726622/

More articles:


All Articles