Hey, How about doing interactive login once during installation (e.g. displaying a web browser control in your setup program), then using this session to establish a shared secret between the machine and your application. Something like:
secret = md5.md5(str(random.getrandbits(512)).hexdigest() Then use that secret in the client to sign update requests: sig = hmac.HMAC(key=secret, msg=str(nonce, current_ip, webcam_jpg)).hexdigest() And passing that with the request. Store 'nonce' somewhere in Datastore and the local machine, incrementing it once per request (and at the server side, ensure the nonce never decrements - this is to prevent replay attacks). 2009/3/26 r00723r0 <[email protected]>: > > It seems odd, I know, but I'm not doing anything malicious. I am > making a laptop recovery service. The client on the laptop must update > the Google App Engine server with the laptop's IP every few minutes to > the App Engine server can keep track of it. But I need to make sure > what user is sending this IP information. > > This is where the trouble comes in. The client on the laptop that > tries to give the server the IP needs to authenticate but cannot > without a login page. > > On Mar 25, 8:50 pm, "Steve Robillard" <[email protected]> > wrote: >> It might help to know why all the subterfuge what problem are you trying to >> solve? As a user I would be suspicious of any system that forwards me >> through a series of links and sends secret information. With all do respect >> it sounds like you are trying to proxy a limited resource or bypass a 3rd >> party subscription requirement. >> >> Steve >> >> -----Original Message----- >> From: [email protected] >> >> [mailto:[email protected]] On Behalf Of r00723r0 >> Sent: Wednesday, March 25, 2009 7:30 PM >> To: Google App Engine >> Subject: [google-appengine] Re: Manual Authentication >> >> I may have explained myself incorrectly. I need to log in from an invisible >> client without a web interface, and the login URL is unknown to the >> standalone client. The client needs to log in and send some data silently. >> >> The main problem is that the username and password are saved, so the user >> will not be manually logging in. Instead the client must be able to log in >> without a proprietary log in URL that Google provides. >> >> A possible solution: >> * The client connects to someapp.appspot.com/update/, which has only a login >> URL when a user is not logged in. >> * The client then connects to the URL and sends magical information to log >> in. >> * The login URL redirects back to the /update page, as it always does, and >> the Google App Engine program stores this visit as programmed. >> >> However, this solution is inelegant and annoying to program. Any better >> solutions? >> >> On Mar 25, 6:30 pm, Marzia Niccolai <[email protected]> wrote: >> > Hi, >> >> > Please see the information in our Google Accounts section which shows >> > you how to request/require login and generate login/logout >> > URLs:http://code.google.com/appengine/docs/python/users/ >> >> > -Marzia >> >> > On Wed, Mar 25, 2009 at 11:43 AM, r00723r0 <[email protected]> wrote: >> >> > > I am writing a laptop theft recovery service. The client requests / >> > > update on the Google App Engine server, with user credentials, >> > > through HTTPS every few minutes. The server stores the IP from which >> > > the request was made and the time the request was made in the user >> > > information database model. My question is as such: how do I >> > > authenticate the user in the Google App Engine server? The username >> > > and password are given through POST in the HTTP request but I'd >> > > still need a login URL which the client cannot generate. > > > -- It is better to be wrong than to be vague. — Freeman Dyson --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~----------~----~----~----~------~----~------~--~---
