Thread: Confirming a user is valid
- 08-02-2010, 09:34 AM #1
I have a server architecture set up in which a user would connect using this code:
new Socket("localhost",1234); // Placeholder name/port
Now here's my question: How can I confirm that a user is running the applet from *my* website, and not from another? Or alternately, confirm that they are, at least, running an unaltered version of the applet?
I had a few ideas:
1. Send a CRC check of the applet file from client to server to confirm. This, however, could be forged.
2. Send a confirmation hash from the client to server (which could also check for updates). Could also be forged.
3. Update a MySQL database when the user opens the page that says they are allowed to check in. Remove entry from database after an inactivity timeout.
I'm most fond of option #3 but I'm looking for other opinions or ideas from people who've been in this kind of situation before. Security is fairly important here, so I want to make as sure as possible that the server is receiving no forged connections.
Thanks in advance, I appreciate all the help you guys offer!
- 08-02-2010, 01:52 PM #2
Have the server generate a unique ID for each applet's HTML page and put it in the <PARAM> tag and have the applet return it. Have the ID time out.
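A sketch of the server side of the scheme suggested in reply #2, added here as an example and not code from any poster in this thread. The class name `PageTokenStore`, the PARAM name `token` and the 5-minute lifetime are assumptions; the ID is made single-use as well as time-limited.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical helper: issues one-time page tokens and redeems them on socket connect. */
public class PageTokenStore {
    private static final long TTL_MILLIS = 5 * 60 * 1000; // assumed 5-minute lifetime
    private final SecureRandom random = new SecureRandom();
    private final Map<String, Long> expiryByToken = new ConcurrentHashMap<>();

    /** Called while rendering the applet page; the result goes into a PARAM value. */
    public String issue(long nowMillis) {
        byte[] raw = new byte[32];                 // 256 random bits, not guessable
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        expiryByToken.put(token, nowMillis + TTL_MILLIS);
        return token;
    }

    /** Called with the first value the applet sends; true only once per live token. */
    public boolean redeem(String token, long nowMillis) {
        if (token == null) return false;           // ConcurrentHashMap rejects null keys
        Long expiry = expiryByToken.remove(token); // atomic remove makes the token single use
        return expiry != null && nowMillis <= expiry;
    }

    /** Drops tokens for pages that were loaded but never connected. */
    public void purgeExpired(long nowMillis) {
        expiryByToken.values().removeIf(expiry -> expiry < nowMillis);
    }

    public static void main(String[] args) {
        PageTokenStore store = new PageTokenStore();
        long t0 = System.currentTimeMillis();
        String token = store.issue(t0);
        // Page side: <PARAM NAME="token" VALUE="...">; the applet reads getParameter("token")
        // and sends it as the first message on the socket.
        System.out.println("first use:    " + store.redeem(token, t0 + 1000));
        System.out.println("replay:       " + store.redeem(token, t0 + 2000));
        String stale = store.issue(t0);
        System.out.println("after TTL:    " + store.redeem(stale, t0 + TTL_MILLIS + 1));
        System.out.println("never issued: " + store.redeem("guess", t0));
    }
}
```

A redeemed token shows that the connection comes from someone who recently loaded the page; anyone who loads the page can read the PARAM value, so it does not show that the applet itself is unaltered.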
- 08-03-2010, 01:07 AM #3
Ah, perfect. Thanks!