Results 1 to 3 of 3
  1. #1
    Zack's Avatar
    Zack is offline Senior Member
    Join Date
    Jun 2010
    Location
    Destiny Islands
    Posts
    692
    Rep Power
    5

    Default Confirming a user is valid

    I have a server architecture set up in which a user would connect using this code:
    Java Code:
    new Socket("localhost",1234); // Placeholder name/port
    It is then up to the client's packets to confirm with the server a login username & password, and so on.

    Now here's my question: How can I confirm that a user is running the applet from *my* website, and not from another? Or alternately, confirm that they are, at least, running an unaltered version of the applet?

    I had a few ideas:
    1. Send a CRC check of the applet file from client to server to confirm. This, however, could be forged.
    2. Send a confirmation hash from the client to server (which could also check for updates). Could also be forged.
    3. Update a MySQL database when the user opens the page that says they are allowed to check in. Remove entry from database after an inactivity timeout.

    I'm most fond of option #3 but I'm looking for other opinions or ideas from people who've been in this kind of situation before. Security is fairly important here, so I want to make sure as possible that the server is receiving no forged connections.

    Thanks in advance, I appreciate all the help you guys offer!

  2. #2
    Norm's Avatar
    Norm is offline Moderator
    Join Date
    Jun 2008
    Location
    SW Missouri
    Posts
    17,343
    Rep Power
    25

    Default

    Have the server generate a unique ID for each applet's html page and put it in the <PARAM tag and have the applet return it. Have the ID timeout.

  3. #3
    Zack's Avatar
    Zack is offline Senior Member
    Join Date
    Jun 2010
    Location
    Destiny Islands
    Posts
    692
    Rep Power
    5

Similar Threads

  1. CRUD Validation Error: Value is not valid
    By jambon in forum JavaServer Faces (JSF)
    Replies: 0
    Last Post: 06-30-2010, 08:34 PM
  2. Replies: 7
    Last Post: 04-09-2009, 03:24 AM
  3. Sun Voucher for sale - Valid Any 310 Exam
    By feenaoreilly in forum Java Certification
    Replies: 1
    Last Post: 12-28-2008, 12:41 PM
  4. Valid declarations
    By heat84 in forum New To Java
    Replies: 1
    Last Post: 12-22-2007, 02:29 AM
  5. Help with valid declarations of a float
    By baltimore in forum New To Java
    Replies: 1
    Last Post: 07-31-2007, 10:28 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •