NetTalk Central

Author Topic: Detect different connections coming from within one network through proxy  (Read 2925 times)

Thys

  • Sr. Member
  • ****
  • Posts: 311
    • View Profile
    • Incasu
    • Email
Hi,

This is something basic that I need to understand to design a security portion for an application. When any number of pc's within the same network connect via a proxy to an outside server, all of their connections would come from the same ip address. If they only connect using HTTP then that connection is of a short nature - until the next request. Is there a way to uniquely identify any of these pc's that make connections?

Thys

Bruce

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 11250
    • View Profile
>> all of their connections would come from the same ip address.

correct. (By inference, you cannot assume that one IP address = one device.) which is why you can't use the IP address as the session ID. But I digress;

>> Is there a way to uniquely identify any of these pc's that make connections?

I'm not sure what you mean by "uniquely identify". If you place a cookie on the machine, then with the next request you get the cookie. (This is exactly how sessions work). However if you want some "unique number, which the device generates and sends to you with each request - then no, nothing like that exists.

and if you think about it, if it did, there would be a lot less effort surrounding cookies, especially tracking cookies.

Cheers
Bruce


Thys

  • Sr. Member
  • ****
  • Posts: 311
    • View Profile
    • Incasu
    • Email
Bruce,

I want to have a way to make sure that clients connecting to my NetTalk app are authentic. One way could have been a simple IP-lock (only allow those IP addresses from a given list), but this is not possible now. For now it seems like proper authentication is not possible without digital certificates at the clients.

Thanks

Bruce

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 11250
    • View Profile
client-side certificates are definitely the best way to authenticate a specific machine.

cheers
Bruce