Wrote server and client applications. The server sends commands to the player, and the client executes them, returning the result of the execution. Here is an example of their communication:
SERVER: OpenFile // program.exe
CUSTOMER: true
What if someone can also write a client and communicate with the server by sending him incorrect data?
Specify what you want to be protected from? Judging by the description, something like cheats are struggling with in the MMORPG, Dota, etc., then the question is, how much do you want to defend? The simplest solution is to make a "very secret function."
For example, after establishing a TCP connection, the server sends a random number, the client hashes it with some salt and sends it to the server, the server rechecks the result and either trusts the client or not. This is a very simple protection, but if you slightly change the algorithm of hashing and hide the salt somewhere, then without revising the engineering of the original client (or server) it is difficult to get around. But for people writing kraki for programs, this is not a problem.
There may be such a problem. Someone can fake the server address and traffic (MitM), thereby getting into your session and giving any commands to the server.
If you want to be protected from MitM, then use HTTPS with verification of the server certificate on the client side.
Source: https://ru.stackoverflow.com/questions/737311/
All Articles