|
What do YOU think?
Hi, :hattip:
Sitting down this morning in front of the computer I got an "idea" <light bulb> that lit up inside. Now, since I've been here before and gotten expert advise, I thought I'd come ask again to see if what I have is possible. I'm not even sure it's in the right forum, but please bear with me. I'm going to change-over to Xbuntu Linux 12.4. I just hope it's not to hard to learn about it. I'm nearly 66 and sometimes my brain does not work as it should and I have trouble comprehennding what I've read or heard. :redface: Here's the deal, I'm a ham radio operator, yes, Morse code, and I have worked with a group of Storm trackers (Skywarn) for over 30 years. I took it upon myself to go to the F.C.C. ULS. database and copy down all the information on Part 90, Public Safety agencies (Fire & Police) units within a 300 mile radius of my, now home. I know there is no way I'm going to 'hear' all of those units, so I've enlisted the help of others in various city's. I'd like to take this database and put it on the I-net, but restrict it so no unauthorized folks could see the information or change the data. That becomes my duty as the DB Admin. Question: Would it be possible to develop software that has a secret, built-in code for a password and also give me the number on the DNS of their computer, all the while, having them type in a "given" password that they would type on the screen? This way, should anyone make a copy, the DNS would not match and it could not be used by anyone else, LOL! I want to use a great firewall. Would Bastille Linux be a good one or should I go with IPChains? :scratch: Maybe this could be done, maybe not with the encoded software, but I would hope that it were possible. Thanks for LQ^QKing (See the Q's as lensframe and ram pieces, LOL!) Respectfully submitted, "Buck"/KA5LQJ |
I think I'm a little confused but then maybe not since I've read it a couple of times. Basically, you want to offer software to people (authorized people/computers only) and allow them to access your database of "Public Safety agencies (Fire & Police) units within a 300 mile radius" of your home.
So essentially, you want to offer a licensed software which only works when communicating with the server and the server verifies the computer deserves access; is that correct? This is totally do-able though might I make a recommendation. Static IP addresses are not common among house hold internet users (likely the majority of your target audience) so it would be better to create a hash based on the hardware of the current system. This means that the user's license key world work on that single computer no matter where that computer is located (for example a laptop traveling). The user can't very well easily copy the program and you get to ensure that the licensed user can only access one copy of the software at a time. Also, this has nothing to do with a firewall. You need a front-end application written (server) which communicates with the database back-end. The client communicates with the server and the two negotiate the terms for obtaining that database data. It is not wise to let your database be open to the public because there's too many security issues to be worried about with that method. Instead, you can use the front-end server to verify client information before access to said resources is even granted. Technologies you might want to look into is REST API for communication though there's still more details which need to be worked out for authentication and desired protocols. But in a nutshell, yes, what you ask is possible with some work. Just maybe do it in a different way. You should always have a firewall running on your server and I always recommend iptables if you're using Linux. SAM |
As sag47 said
Quote:
I'd also recommend forcing https cxn if you are paranoid... sag47 said Quote:
If you really want to lock it down geographically you could lookup the IP ranges assigned to ISPs in your area & restrict access to those. Not sure how that would work for a national/large area ISP. |
Also before you go to all that trouble re the database, you might check the radioreference.com website. they have a rather extensive one already available that's kept updated regularly.
That said I keep a small database of local frequencies I've collected here as well. |
Generally there are secure ways to allow access. One good method might be to use a certificate based authentication to allow access to some resource. Second on the list is file permissions after authentication. Authentication by certificate would relieve the person from typing and could be verified by your server and logged.
You can mail a usb or cd with a certificate on it that allows them to access resources. I doubt this is any sort of confidential stuff so you could simply make a resource that is not commonly accessed via a domain name too with http access or such. As others stated, we are kind of guessing what you want. |
For the benefit of the community, and so that Buck can get a wider response from other members I'm posting relevant portions of an email to me on the subject. Buck, I also replied this to you in an email; I'm just copy and pasting from the mail that I sent back to you. I cut out some portions of the email for personal information purposes and just left what is relevant for my response
Quote:
Hi Buck, I'm going to go out on a limb here and make some recommendations based on personal experience. How the server presents the data to the client and how the client does the authentication I'll leave up to you. Here's some stuff to get you started though. Learn Programming I'm not sure I can help you to the degree you require however I can give you a point in the right direction. If you have never done programming before then you'll need to learn that. One language I recommend which is relatively easy is Python and a great language for beginners. Here's an MIT opencourseware course on how to learn Python which has Video Lectures. http://ocw.mit.edu/courses/electrica...2008/index.htm There's also a good course on Python from Udacity which teaches python and the process for building a search engine. This will help to introduce some web concepts to you and allow you to offer your data as a service using Python. http://www.udacity.com/view#Course/c.../Nugget/675002 You can obtain python in a couple of ways. If you're on Linux you can simply install it from a software repository. If you're on Windows you can use the official Python website. http://www.python.org There's also good Python documentation. http://www.python.org/doc/ MySQL with Python In addition to that, I would recommend a MySQL database as your backend. You can google around and find MySQL support for Python. I googled for "python mysql" and found the following package. Additionally, you can look up "MySQL tutorial" or "how do I create a database in MySQL", etc. http://mysql-python.sourceforge.net/ I googled "mysql-python tutorial" and found the following article on how to use it. http://zetcode.com/databases/mysqlpythontutorial/ Python as a secure service You'll want to utilize secure connections with the server (i.e. https) so I googled "python https" and found a decent write up in just using a few short lines of code. http://www.noah.org/wiki/Python_HTTPS_and_SSL Since you are creating a secure connection between just the client software and the server (i.e. you're not serving the data publicly with a web browser) I recommend you create your own certificate authority and digitally sign your own certificates. This way communication is secure and you don't have to waste money on buying a certificate. For that purpose there is a great article listed here. http://www.g-loaded.eu/2005/11/10/be-your-own-ca/ Just remember that you need to install your certificate authority public cert in /etc/ssl/ on the server and the client needs to have the public certificate itself to communicate. Client side options Linux If you're developing the client software for Ubuntu or Debian (or any Gnome based Linux) I recommend you develop the application using "quickly" assuming you need to use a GUI for your clients. http://developer.ubuntu.com/get-started/ Windows and other platforms If your clients are Windows machines, I would say that you should develop using something like Qt because you can develop the application for all 3 major platforms (Windows Mac and Linux). Though you would need to learn some C++ for this which there are good tutorials and books on the subject. Just google around for them. You're required to open source the application unless you pay for a commercial license though. Which can be a draw back given a limited budget and assuming you don't want this to be open source. http://qt.nokia.com/products/ Though, an easy to learn cross platform language is Pascal (no, it's not dead yet) which you can develop a http client app for Windows. Lazarus is an open source IDE for freepascal and if you already learned Python it's not that big of a step to also learn Pascal. http://www.lazarus.freepascal.org/ Windows Automated Installer If you wish to create an installer for your application then I recommend NSIS (Nullsoft Scriptable Install System). http://nsis.sourceforge.net/Main_Page There's a great IDE for NSIS called HM NIS Edit. You can see the page here. It comes with a wizard to initially generate an install script. http://hmne.sourceforge.net/ If you don't need a GUI You could simply write a python script (and only distribute the pyd which is compiled python binary) that when opened by the user the first time they need to enter some information (which is emailed to you by the Python script) so that you can set up the server keys. And then when the user opens subsequent times it will automatically download the latest data based on arguments using optargs or some other Python argument library. This way you don't need to care what platform is being used you can just communicate using Python. This would require Python to be installed on the client machine. Other client side information I just briefly touched software and languages you could use. For creating a hash you could take some RAM information and processor information and create a hash from it. On a Linux system, for example, you could create a hash on /proc/cpuinfo and use that as part of the authentication. Or you could just take certain parts of that file and hash it and use it as a code. Basically, the hash can be anything you want. If you're using python as a client side language you could google "hardware info python" or the same with any language. Conclusion Basically I made some assumptions and created a scenario for which you could launch the development of your software. This doesn't mean you have to take my advice. There are other ways of doing it. But handling the details and particulars could take me hours to explain what you *could* do or what *I would* do. This entails gathering specifications on the technologies used, the goals of the project, etc. etc. That I'll leave up to you since it's your project. I have limited time on my hands so if you're stuck somewhere ask in the LQ forums rather than messaging me directly. There's plenty of people on LQ like me who would be able to answer your questions even better than I can. And here is the end of my response ---------------------------------- I forgot to add on to Python as a secure service. Here's an example of a server in Python actually serving arbitrary secure content. http://code.activestate.com/recipes/...ure-communica/ |
| All times are GMT -5. The time now is 10:41 AM. |