I have android clients that make request to my webservice in C#. If would like to keep track of the IPs used by the clients. I read about several way of getting the IP address from the Android device and then send it to the Server, or even get the IP address of a client from the server side. But I also read that both have problems, because malicious clients could fake their own IPs and so on.
So, having myself as the developer for the Android client side and also for the Windows server side, which is the best and more trusty way to get the IP if the client who is requesting a method in the server?
Permission like Read_Phone_State in the Android device will be difficult to get.
Also I heard about NAT address, so, getting the IP and the Port number would be perfect.
I found this:
String sIP = HttpContext.Current.Request.UserHostAddress;
I Don't know if there is a better solution or my reliable.
Related
I want to make my phone a Linux web server, by using the userLand application which gives you the ability to use ubuntu distribution on Andriod.
I already installed Django and ran my server on port 8080 since port 80 is busy (seems logical that android is using it)
and everything is good, it works when I try to access the website from another device on the local network.
so I proceeded to the next step which is making the website accessible from all over the internet then I found that you need to make a port forwarding on the router to allow devices from outside the local network to access a device in the localnetwork .
I followed the following steps :
made the phone's IP static locally
added the configuration needed for the port forwarding (phone's ip, port 8080, etc... )
found the public IP for my phone and used it and with port 8080
it is still not working:
I can access the website locally but can't access it through the internet.
I tried another method by using an already working server from the "AWebServer" application on google play
but still the same problem.
I tried temporarily to disable the firewall on the router but still the same problem
and finally, I tried to open the port on my laptop with OS: Windows 10
instead of the phone OS: Android, and checked with port checker but the port is closed and still the same problem.
I have been trying to solve this for a whole day)), I would be very happy if someone helped me.
thanks
first image
second image
Your ISP might have put you under a NAT, in that case port forwarding might still not work.
Your best bet is to use some sort of SSH Tunnels.
You can try with ngrok.
This will give you a URL to access your application from public internet.
Only caveat here is that ngrok is not free. They have a subscription based model. In the free tier, you can use ngrok but the link url changes after few hours.
If you want to, you can also implement something like ngrok for yourself. Read about ssh tunneling more. This will help you.
I have a web application hosted on an external server. I would create a communication beetwen my home server and the web application.
I thought something like that:
my home server send its ip to the web application
the web application send data to the home server
my home server send back some data
I want to implemente a P2P communication between the WebApp and the home server
it would be bettere if the communication is encrypted
i dont want to use dynamic dns
Is there something to implement that?
There are several types of IP. It can be "grey" and "white".
"Grey" means that your computer can't be accesses through it.
"White" IP's can be accessed directly. Also there are dynamic IP's
that changes through the time. It all depends from the provider.
It's possible that you have "white dynamic" IP but it's pretty rare
for providers to do.
It's easier to connect to server because it
always have "white" permament IP.
TCP/IP already does most of the work. You just create tcp connection and it stays. You just think about sending data.
My suggestion for you is to create something like this:
Home server connects to WebApp
Home server requests some data and WebApp sends back data
Home server sends request containing data and server respondes that all is ok
So you have client-server model. And client always does only requests and server does only responses. And they do not switch. It's easier to maintain.
There is common technology of doing that and it includes encryption too.
You should use HTTPS protocol. Https will do all the encryption(and safely exchange keys too) you just worry about certificates(there are ways not to buy certificate but sign them by yourself. It's whole another topic)
So you will send https requests from your home server PC(client) and get responses from server(webApp).
As you write on Python you would find this answer helpful for you:
HTTPS request in Python
So, i have made a thrift based program with a client and a server and client can communicate well with server. Now, since the data transfer will be quite crucial, I wanted some kind of security in it.
So, I thought of login system, but the problem is I am not storing any kind of session data on server side(I don't even know, what should i store, after all the client request come and go and there is no way to differentiate them). So after much thinking, this is what i came up with
Using random numbers, i would generate some kind of random string when the server starts
Client side will enter the username and password which will be verified at the server end using PAM authentiation(just read something about it).
If verified, server will just send that random generated string to the client side
Client will send that string to server every time it tries to execute a RPC
If verified, server will do the work, else return some error code
Possible problem that i can think of
Currently, when server goes down, and client was in midst of some RPC, it would give some error message and when server restarts, we can do the task without any problem
Now, if the server goes down, then the string generated will be different. So i will again have to do the authentication part
So, what do you think of this entire schema for authentication? Are there any better or simpler way?
P.S : I am not using any kind of database. I am using C++ on both sides. My Client side uses QT
Disclaimer - I do not have much idea as to how PAM works, so I only have some high-level questions about this approach. I apologize in advance if I misunderstood any part of your approach.
When you say you want to secure the data transfer, I feel like you want to have authentication and secrecy, you only have an approach for authentication now.
For instance, if client C1 is authenticating to server(assuming credentials are not sent in cleartext), the server sends the random string in step 3. What happens when someone else is sniffing on the network? Can a rogue client not send the random string and perform RPC calls to the server, posing as C1? If username and password are sent to server in cleartext, can someone on the network get access to the credentials also? Also, what about data that is subsequently sent? It is just encoded in thrift format and can be decoded by anyone on the network, correct? Is the data sensitive?
If so, I want to suggest the use of PKI/certificates. Using a self-signed certificate must be fine. If you only want the client to authenticate to the server and prove it is legitimate, you can make all the clients present their certificate. Certificate is basically a public key for that client signed by an authority that vouches for that client.The client has the private key stored locally, that will never leave the client. Now, when client presents the certificate to server, server looks at who signed the certificate(CA). If it is a CA the server trusts, it can send the random string or just the thrift data directly, encrypted using the client's public key. The client will be able to decrypt with its private key and it looks like random bytes to anyone else who is sniffing. The server will do this for every single client and only needs to store the name of the certifying authority it trusts. This could be your name and address. You can generate the self-signed certificate on every client using openssl. But this means you have additional setup work on each client. Generate a key-pair and certificate. You can explore this approach if this constraint works for you.
i was trying to find some examples that would give me some pointers on how to create an http server within a chrome extension, but haven't had any luck. does anyone know a how to start an NPAPI,NACL http server?
Thanks
Short answer: not possible.
If you want to open a port on a local machine to allow connections, then that is not allowed by the web security model. NaCl runs with the same privileges as JavaScript, no extra holes. However, you may specify extra flags to chrome on start to get more permissions from NaCl, such as open debug port, or get access to raw network sockets.
If you want to 'emulate' an HTTP server to make your extension keep using it regardless of being offline, then it is easier to use the PostMessage API.
I have a Javax web service deployed in a remote Linux machine within a JBoss ESB container. I am able to test the web service using soapUI on the same machine as where the service is deployed. The WDSL URI I used was something like http://127.0.0.1:8080/abcd/abcd?wsdl.
What I would like to do is to be able to test the same service from another machine using soapUI. I tried replacing 127.0.0.1 with the IP address of the machine where the service is deployed. This does not seem to work. Can someone tell me what I am missing here?
Thanks.
a sum of things could go wrong there - as already mentioned by the others the firewall is blocking access for the given (address, port) pair. Another thing that happened to me was that the WSDL was generated using the name of the machine it was deployed on and whenever I was trying to call the service from a different machine it was complaining that I cannot find the given machine.
You need to test network connectively. One tool you can use is plain old telnet. If you telnet to the ip/port combo of the web server, you will get a response (an HTTP error). For example:
$ telnet 192.168.0.10 8080
If you get nothing then there is almost certainly a firewall blocking access.
If you are convinced that no firewall is blocking you, the other possibility is that the web server is only bound to the local network adapter (127.0.0.1) and not the other network adapters (ethernet/wifi). This is very unlikely however.