LinuxQuestions.org > Forums > Linux - Security
Old 07-04-2015, 10:30 PM   #1
8bit
LQ Newbie
 
Registered: Jul 2015
Posts: 8
Security help please


So I have a multithreaded TCP server and a TCP client on the same server. It works great; people can connect simultaneously on my website. The only problem is, someone can create their own client, connect to my server's port and spam messages. How do I restrict my TCP server to only talk to my client on foo.com/foo and block all other clients not on foo.com/foo?

Server language: Java
Client language: Flash
Both located on the same web server, using a CentOS (RPM-based) server.
Thanks!!

 
Old 07-04-2015, 11:14 PM   #2
astrogeek
Moderator
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=15, FreeBSD_12{.0|.1}
Posts: 6,263
Blog Entries: 24
First, welcome to LQ!

Next, this looks like a duplicate of this post; please do not post the same question multiple times.

And third, as a general principle, "security" is mutually exclusive of "Java|Flash".

All that said, I suspect that your description of your client and server relationship may not be accurate in saying that they are both on the same "server".

If that is correct, then you should make your Java server listen only on 127.0.0.1 and not accept outside connections. Then, if the client and server are on the same machine, they will communicate while all others will be rejected. A simple iptables rule can accomplish that, or configure the server application itself to listen only on the localhost.

But I suspect that your client runs on the user machine (i.e., not the same machine as the server) in which case you will need to include some form of session token and authentication mechanism in the client and server code itself, that is passed in the tcp exchange.

You will probably get a better answer if you can provide more detail about your actual application.

 
Old 07-04-2015, 11:42 PM   #3
8bit
LQ Newbie
 
Registered: Jul 2015
Posts: 8

Original Poster
Hi, thanks for taking the time to write that. Sorry about the confusion, also. To clarify: the server class is running at the root of the server, and the client is displayed a couple of directories above it in the public HTML. I tried binding 127.0.0.1 for my server and the client on the website didn't end up talking to it. I really don't want to resort to tokens either; I just want the server to only accept connections from /home/path/to/file.swf.
 
Old 07-05-2015, 12:19 AM   #4
astrogeek
Moderator
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=15, FreeBSD_12{.0|.1}
Posts: 6,263
Blog Entries: 24
Quote:
Originally Posted by 8bit
> Hi, thanks for taking the time to write that. Sorry about the confusion, also. To clarify: the server class is running at the root of the server, and the client is displayed a couple of directories above it in the public HTML. I tried binding 127.0.0.1 for my server and the client on the website didn't end up talking to it. I really don't want to resort to tokens either; I just want the server to only accept connections from /home/path/to/file.swf.
So what you are telling us is that the TCP client is not located on the same machine as the TCP listener, as I suspected, but is running on a remote machine. The client file is delivered to the visitor via an HTTP request (i.e., a web browser page) and runs on the remote machine, so listening only on 127.0.0.1 will not work.

The client file that you deliver to your users may be located a few directories away from the server listener class file within your filesystem, but that has no bearing whatsoever on any TCP requests made by the application when that file runs on your visitors' machines.

The TCP network protocol has no concept of filesystem path; those TCP requests could come from Mars as far as the listener is concerned. The client can tell the listener where it came from, but then, so could the fake clients...

Hence, the only solution is some form of non-falsifiable identification that can be passed in the TCP requests between client and server.

 
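The session-token handshake suggested in post #2 and required by post #4 (an identification the listener can check but a forged client cannot produce), as an added example that is not code from this thread or from the poster's application. It is written in Python so the exchange can be run end to end on one machine; the same design transfers to a Java listener. Everything here is an assumption: the web application that serves the client page and the TCP listener share a secret (SECRET), the web app mints a short-lived HMAC token per page load and embeds it in the page, and the first line the client sends must be "AUTH <token>". The legitimate session, a replay, a forged token, garbage and an expired token are all constructed inline.

```python
"""Added example: HMAC session tokens for a TCP listener whose client is
delivered by a web page. Hypothetical names and secret; not from the thread."""
import base64
import hashlib
import hmac
import os
import socket
import threading
import time

# Assumption: shared by the web app (issuer) and the TCP listener (verifier).
SECRET = b"replace-with-32-random-bytes-from-os.urandom"
TOKEN_TTL = 60  # seconds a token stays valid


def issue_token(user_id, now=None, secret=SECRET):
    """Web-app side: mint 'user|expiry|nonce|mac', base64-encoded, so the
    listener can verify it with the shared secret and no database lookup."""
    now = time.time() if now is None else now
    payload = f"{user_id}|{int(now) + TOKEN_TTL}|{os.urandom(8).hex()}".encode()
    mac = hmac.new(secret, payload, hashlib.sha256).hexdigest().encode()
    return base64.urlsafe_b64encode(payload + b"|" + mac).decode()


def verify_token(token, seen_nonces, now=None, secret=SECRET):
    """Listener side: return the user id, or None on any failure.
    Checks the MAC in constant time, then expiry, then nonce replay."""
    now = time.time() if now is None else now
    try:
        user_id, expiry, nonce, mac = base64.urlsafe_b64decode(token.encode()).decode().split("|")
        expiry = int(expiry)
    except ValueError:  # bad base64, wrong field count, non-numeric expiry
        return None
    payload = f"{user_id}|{expiry}|{nonce}".encode()
    expected = hmac.new(secret, payload, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(mac.encode(), expected):
        return None
    if expiry < now or nonce in seen_nonces:
        return None
    seen_nonces.add(nonce)  # one token, one connection
    return user_id


class AuthServer:
    """Threaded listener: a connection must authenticate before any message is accepted."""

    def __init__(self, host="127.0.0.1", port=0):
        self.sock = socket.socket()
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind((host, port))
        self.sock.listen(5)
        self.port = self.sock.getsockname()[1]
        self.seen_nonces = set()
        self.lock = threading.Lock()
        self.accepted = []  # (user_id, message) pairs that passed authentication
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        while True:
            conn, _ = self.sock.accept()
            threading.Thread(target=self._handle, args=(conn,), daemon=True).start()

    def _handle(self, conn):
        with conn:
            conn.settimeout(5)  # unauthenticated sockets do not get to linger
            f = conn.makefile("rwb")
            first = f.readline().decode(errors="replace").rstrip("\r\n")
            if not first.startswith("AUTH "):
                f.write(b"ERR auth required\n"); f.flush(); return
            with self.lock:
                user = verify_token(first[5:], self.seen_nonces)
            if user is None:
                f.write(b"ERR bad token\n"); f.flush(); return
            f.write(b"OK\n"); f.flush()
            for line in f:  # only authenticated clients reach the message loop
                with self.lock:
                    self.accepted.append((user, line.decode(errors="replace").rstrip("\r\n")))
                f.write(b"ACK\n"); f.flush()


def client_session(port, token, message):
    """Client side: present the token, then send one message. Returns (auth reply, ack)."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as s:
        f = s.makefile("rwb")
        f.write(f"AUTH {token}\n".encode()); f.flush()
        auth_reply = f.readline().decode().rstrip("\r\n")
        if auth_reply != "OK":
            return auth_reply, None
        f.write(message.encode() + b"\n"); f.flush()
        return auth_reply, f.readline().decode().rstrip("\r\n")


def demo():
    """One legitimate session and four that must be refused (constructed inputs)."""
    srv = AuthServer()
    good = issue_token("alice")
    results = {
        "legit": client_session(srv.port, good, "hello"),
        "replay": client_session(srv.port, good, "hello again"),
        "forged": client_session(srv.port, issue_token("mallory", secret=b"guess"), "spam"),
        "garbage": client_session(srv.port, "notatoken", "spam"),
        "expired": client_session(srv.port, issue_token("bob", now=time.time() - 2 * TOKEN_TTL), "late"),
    }
    return results, list(srv.accepted)


if __name__ == "__main__":
    print(demo())
```

The listener never trusts anything the client says about where it came from; it trusts only that the MAC could have been computed by the holder of SECRET, which the forged client does not have. Expiry bounds how long a leaked token is useful, and the nonce set stops the same token being replayed from a second connection. With a real client the token is embedded in the page that loads the SWF, so it is as private as that page (serve it over HTTPS), and a per-login token can be revoked server-side by clearing the user's nonces or rotating the secret.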
Old 07-05-2015, 12:25 AM   #5
8bit
LQ Newbie
 
Registered: Jul 2015
Posts: 8

Original Poster
That's exactly what I figured, since either way the socket connection is made between the user on its IP and the server. Looks like this server is not only going to have handshake features but fist pumps and high-fives as well :P Thanks for the info, sir; let me buy you a beer.