Answer the question
In order to leave comments, you need to log in
Client Program Identification
Good day. Now I am designing a client-server application for collecting data from client machines. The client is written in C, open source, downloading a binary assembly is possible from a personal account on the site. To identify the client program, it is planned to use a certain token - a random number, about 10 bytes, which is embedded in the program code immediately before uploading to the site. That is, the fact of downloading this instance binds the token to the client's account. The client part itself is useless, but with this identification scheme, it is possible to carry out banal sabotage - by launching an instance of the program, with a selected token, on a host that is not related to the customer, while it will send its information, as a result, on the server instead of useful statistics, you get information garbage. As an option, protection can be strengthened by a second token transferred at the stage of installing the client part, for example, a mac-address. But I don’t like something in this scheme, something on an intuitive level - I just haven’t realized yet what a rake this can turn out to be. Please critique this identification scheme.
Answer the question
In order to leave comments, you need to log in
offhand: I would bind the new token to the ip address during the first session, and filter out the mismatch of the token-ip pair and somehow deal with it
mac address is a bad idea. rather already the motherboard ID + some thread hash from the bios data / processor serial number ...
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question