 
PerlMonks  

Re^2: A question about web service security

by PerlOnTheWay (Monk)
on Aug 05, 2011 at 11:55 UTC


in reply to Re: A question about web service security
in thread A question about web service security

Can you talk about the principle?

I think there's no way to check whether it's from "your system" or not as HTTP is stateless, one can fake it easily.

Replies are listed 'Best First'.
Re^3: A question about web service security
by cjb (Friar) on Aug 05, 2011 at 12:52 UTC

    You could use a public key encryption scheme. Crypt::RSA would seem like a good start. Another option might be persistent sessions, CGI::Session might be worth a look. Sorry for the vagueness of the answer, but there isn't enough information in the original post to be more specific.

    2011-08-05 @ 1255Z Edited CGI::Session CPAN link

      I am the OP, I forgot to log in when I posted the question -_-

      I don't think the encryption will work, as you need to expose the encryption method as some function, encrypt, and there's no way to stop a programmer from calculating it himself once he got the encrypt...

Re^3: A question about web service security
by JavaFan (Canon) on Aug 05, 2011 at 13:43 UTC
    No way? Uhm, that very much depends on your definition of "your system". And HTTP may be stateless, TCP certainly isn't (not that statelessness matters). In the simplest case, you have a network like this:

                            ^-^-^-^-^-^-^                             ^-^-^-^-^-^-^
        +-------------+    /             \    +-----------------+    /             \
        | Your server |===< Local network >===| Router/Firewall |===< Big Bad World >
        +-------------+    \             /    +-----------------+    \             /
                            v-v-v-v-v-v-v                             v-v-v-v-v-v-v

    So, treat a request coming from your local network as "your system", and if it comes via the "Router/Firewall", it comes from somewhere else. And you block it. Preferably at said Router/Firewall.

    Now, your details may be different, but your problem seems more a networking (and in particular, a firewall configuration problem) to me, than a Perl issue.

      Please think about it in web game context, where everything is happening in browser, and everything can be modified.
        Please think about it in web game context, where everything is happening in browser, and everything can be modified.
        Eh, what do you mean by that? In this context, what are "your system", and your "web service"? Are both "your system" and your "web service" also running inside the same browser? Is your browser written in Perl?

        Please think about it in web game context, where everything is happening in browser, and everything can be modified.

        Then you're back to challenge response
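
As an added illustration of the challenge-response approach named in the last reply (not code from any poster in this thread): the server issues a single-use nonce and the caller returns an HMAC over the nonce and the request under a shared secret. The secret, the request string and all function names are constructed for the example; it assumes a Unix-like host with /dev/urandom and the core Digest::SHA module.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

my %pending;    # nonce => expiry time (server-side state, hypothetical in-memory store)

# Server: issue a fresh random challenge that is valid once, for $ttl seconds.
sub issue_challenge {
    my ($ttl) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "no /dev/urandom: $!";
    read($fh, my $bytes, 16) == 16 or die "short read from /dev/urandom";
    close $fh;
    my $nonce = unpack 'H*', $bytes;
    $pending{$nonce} = time() + $ttl;
    return $nonce;
}

# Client: prove knowledge of the shared secret without sending it.
sub answer_challenge {
    my ($secret, $nonce, $request) = @_;
    return hmac_sha256_hex("$nonce|$request", $secret);
}

# Constant-time comparison, so timing does not reveal how many characters matched.
sub same_mac {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Server: accept only an unexpired, unused nonce with a matching MAC.
sub verify_response {
    my ($secret, $nonce, $request, $mac) = @_;
    my $expiry = delete $pending{$nonce};    # single use: a replay finds nothing
    return 0 unless defined($expiry) && time() <= $expiry;
    return same_mac($mac, hmac_sha256_hex("$nonce|$request", $secret));
}

# Constructed demo values, not taken from the thread.
my $secret  = 'constructed-demo-secret';
my $request = 'POST /score value=1200';
my $nonce   = issue_challenge(30);
my $mac     = answer_challenge($secret, $nonce, $request);
print 'first use: ', (verify_response($secret, $nonce, $request, $mac) ? 'accepted' : 'rejected'), "\n";
print 'replay:    ', (verify_response($secret, $nonce, $request, $mac) ? 'accepted' : 'rejected'), "\n";
```

A valid response shows only that the caller holds the secret, not that the caller is unmodified code. A secret delivered to a browser can be read there, so this check fits server-to-server callers better than the web game case raised above.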
