So I have a multithreaded tcp server and a tcp client on the same server. It works great, people can connect simultaneously on my website. The only problem is, someone can create their own client and connect to my server's port and spam messages. How do I restrict my tcp server to only talk to my client on foo.com/foo and block all other clients not on foo.com/foo?
server language: java
client language: flash
both located in the same web server / using centos rpm based server
Thanks!!
Next, this looks like a duplicate of this post, please do not post the same question multiple times.
And third, as a general principle "security" is mutually exclusive of "Java|Flash".
All that said, I suspect that your description of your client and server relationship may not be accurate in saying that they are both on the same "server".
If that is correct, then you should make your java server listen only on 127.0.0.1 and not accept outside connections - then if the client and server are on the same machine they will communicate while all others will be rejected. A simple iptables rule can accomplish that, or configure the server application itself to listen only on the localhost.
But I suspect that your client runs on the user machine (i.e., not the same machine as the server) in which case you will need to include some form of session token and authentication mechanism in the client and server code itself, that is passed in the tcp exchange.
You will probably get a better answer if you can provide more detail about your actual application.
Hi, thanks for taking the time to write that, and sorry about the confusion. To clarify, the server class is running at the root of the server. The client is displayed a couple of directories above it in the public html. I tried binding 127.0.0.1 for my server and the client on the website didn't end up talking to it. I really don't want to resort to tokens either, I just want the server to only accept connections from /home/path/to/file.swf
So what you are telling us is that the tcp client is not located on the same machine as the tcp listener as I suspected, but is running on a remote machine. The client file is delivered to the visitor via an http request (i.e., web browser page), and runs on the remote machine, so listening only on 127.0.0.1 will not work.
The client file that you deliver to your users may be located a few directories away from the server listener class file within your filesystem, but that has no bearing whatsoever on any tcp requests made by the application when that file runs on your visitor's machines.
Tcp network protocol has no concept of filesystem path - those tcp requests could come from Mars as far as the listener is concerned. The client can tell the listener where it came from, but then, so could the fake clients...
Hence, the only solution is some form of non-falsifiable identification that can be passed in the tcp requests between client and server.
Last edited by astrogeek; 07-05-2015 at 12:25 AM.
Reason: typos, clarity...
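
One way to implement the "session token and authentication mechanism" suggested in the replies above, as an added example that is not part of the original thread: the web application mints a short-lived HMAC-signed token when it serves the page, the client sends it as the first line of its TCP connection, and the Java server verifies it before accepting any messages. The class and method names, the token layout and the demo secret are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Added illustration; SessionToken, issue and verify are hypothetical names.
public class SessionToken {
    private final SecretKeySpec key; // stays on the server, never inside the client file

    public SessionToken(byte[] secret) { key = new SecretKeySpec(secret, "HmacSHA256"); }

    private String sign(String payload) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(key);
        byte[] tag = mac.doFinal(payload.getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(tag);
    }

    // Web application: mint a token when it serves the page that embeds the client.
    // sessionId must not contain '.', which is the field separator.
    public String issue(String sessionId, long expiresAtMillis) throws Exception {
        String payload = sessionId + "." + expiresAtMillis;
        return payload + "." + sign(payload);
    }

    // TCP server: check the first line a new connection sends.
    // Returns the session id if the token is authentic and unexpired, else null.
    public String verify(String token, long nowMillis) throws Exception {
        String[] p = token == null ? new String[0] : token.split("\\.");
        if (p.length != 3) return null;
        byte[] expected = sign(p[0] + "." + p[1]).getBytes(StandardCharsets.UTF_8);
        byte[] presented = p[2].getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(expected, presented)) return null; // constant-time compare
        try {
            return Long.parseLong(p[1]) >= nowMillis ? p[0] : null; // null when expired
        } catch (NumberFormatException e) {
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        SessionToken st = new SessionToken("constructed-demo-secret".getBytes(StandardCharsets.UTF_8));
        long now = System.currentTimeMillis();
        String token = st.issue("sess42", now + 60_000); // constructed sample session
        System.out.println("valid    -> " + st.verify(token, now));
        System.out.println("tampered -> " + st.verify(token.replace("sess42", "sess43"), now));
        System.out.println("expired  -> " + st.verify(token, now + 120_000));
    }
}
```

A token of this kind identifies the web session it was issued to, not the program that presents it, so the server should close connections that fail `verify` and apply per-session message limits to those that pass.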
That's exactly what I figured, since either way the socket connection is made between the user on its IP and the server. Looks like this server is not only going to have handshake features but fist pumps and high-fives as well :P Thanks for the info, sir, let me buy you a beer.