321 posts
Melbourne, Australia
Posted 24 September 2013 - 08:59 AM
How can I be sure that a http request comes ONLY from my program.
Thanks in advance.
Thanks in advance.
This is a read-only snapshot of the ComputerCraft forums,
taken in April 2020.
Http Authentication Problem
Started by amtra5, 24 September 2013 - 06:59 AM
758 posts
Budapest, Hungary
Posted 24 September 2013 - 09:56 AM
Since anybody can read the source code of a Lua program (and even the bytecode contains the string constants), there is no way to prevent people from seeing something you want to keep unseen. Even if you had the server responding some random information which then would be processed by your program (could be bytecode) and would be sent back to the server again, one could read the source code of the processing algorithm (even if it was bytecode, I think).
TL;DR: I don't think that's possible.
TL;DR: I don't think that's possible.
321 posts
Melbourne, Australia
Posted 24 September 2013 - 10:07 AM
There is nothing I want to keep unseen.
Except maybe an auth code from my server :P/>
Except maybe an auth code from my server :P/>
375 posts
USA
Posted 24 September 2013 - 04:47 PM
There is nothing I want to keep unseen.
Except maybe an auth code from my server :P/>
You can have your program send a key to your webserver, but this is only a solution if you're the only one using it.
2217 posts
3232235883
Posted 24 September 2013 - 05:02 PM
well, if your trying to filter out http requests, you can compare the second argument of http_success and http_failure which contains the url string
thats how i detect which events to "eat" in my httpnet api
https://github.com/P-T-/HTTPNet/blob/master/API/httpnet (see bottom)
but thats only to filter the url, for example someone could use os.queueEvent to forge the events it gets
thats how i detect which events to "eat" in my httpnet api
https://github.com/P-T-/HTTPNet/blob/master/API/httpnet (see bottom)
but thats only to filter the url, for example someone could use os.queueEvent to forge the events it gets
321 posts
Melbourne, Australia
Posted 24 September 2013 - 06:48 PM
I want to filter the program that can access my web server. I was thinking of sending the programs own code, but that's forgeable too. :(/>
2217 posts
3232235883
Posted 24 September 2013 - 07:42 PM
well then its not possible, why would you want to make it do that anyway?
if you do proper error checking it shouldnt be a problem
if you do proper error checking it shouldnt be a problem
321 posts
Melbourne, Australia
Posted 24 September 2013 - 10:47 PM
Then is sessions that expire when the program closes possible?
2217 posts
3232235883
Posted 24 September 2013 - 11:07 PM
timeouts would probably be the best option, because there is no way to tell if the program was terminated with ctrl-s/rThen is sessions that expire when the program closes possible?
758 posts
Budapest, Hungary
Posted 25 September 2013 - 12:21 AM
Yup, but then a session should be created when the program starts, and the session of course would be created by the program itself, which will have the creation code in it. And that'd be readable as well. Face it, no proper way of doing this in CC.
13 posts
Posted 25 September 2013 - 04:30 PM
What are you really trying to accomplish?
Some options:
1. If you need computer security, I guess you would have to look for physical security using other mods (Thaumcraft, MFFS).
2. You could look for some self encrypting programs (look around in forums), but you would have to enter decryption keys everytime server restarts.
3. You could have your program or decryption keys on floppy and plug it in on start - basically if you load your programs into memory, you don't need floppy anymore. After server restart - again manual work.
4. You may request some TPM chip functionality in CC ;-)
It's like in real life with computers :-)
Some options:
1. If you need computer security, I guess you would have to look for physical security using other mods (Thaumcraft, MFFS).
2. You could look for some self encrypting programs (look around in forums), but you would have to enter decryption keys everytime server restarts.
3. You could have your program or decryption keys on floppy and plug it in on start - basically if you load your programs into memory, you don't need floppy anymore. After server restart - again manual work.
4. You may request some TPM chip functionality in CC ;-)
It's like in real life with computers :-)
997 posts
Wellington, New Zealand
Posted 25 September 2013 - 08:17 PM
The easiest way to make sure nobody else uses your web server is to not tell them the address.
13 posts
Posted 27 September 2013 - 07:58 PM
Poster is afraid, that someone reads the address from the source code on his CC computer.The easiest way to make sure nobody else uses your web server is to not tell them the address.
997 posts
Wellington, New Zealand
Posted 27 September 2013 - 10:15 PM
If someone has your code, there's nothing you can do about it. Stop people from getting your code.
At best, they could just run your program and have exactly the same access you do.
Or they could edit the program to make it do other stuff.
At best, they could just run your program and have exactly the same access you do.
Or they could edit the program to make it do other stuff.