开发者

Help designing a secure network protocol

In an app, I Have a network server and clients. After a handshake, let's say the client sends "userId sessionId SOME_COMMAND param param param".

I have already identified the client and the sessionId is checked on the server accordingly, so identity is no more an issue.

But I'd like to prevent a hacker to modify the message or create a false one, for example sending "userId sessionId SOME_COMMAND paramModified paramModified paramModified".

I thought about using a pair of private/public encryption keys, and send the hash of the message in the message itself. But since it's automated in the client program, I may have to send the public key during the handshake. So the hacker could simply retrieve it and generate the proper hash.

I could also use complex encryption seeds or algorithms, but my experience with hackers has shown me that they will decompile anything.

So the bottom line is: I can hide everything that runs on the server, but I can't hide anything on the client program. And I'd like to to forbid to mod开发者_JAVA百科ify the message that the client program is supposed to send.

I don't even know if it's possible. And I'm opened to any suggestion. And by the way, I'm using Java, although it should not be very relevant. Thanks.


Forget it. Use SSL like everybody else. There are complexities which you haven't even begun to address.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜