Re: [twsocket] NIC list
Indeed if a spy is observing packets from the beginning of session this will not work, I was certainly drunk when I posted ;) If I don't want to use https , given the fact I control the source of both client and server , is there any alternative mechanism I can use to avoid fake messages from clients ? - Original Message - From: Florin Vancea fvan...@maxiq.ro To: ICS support mailing twsocket@elists.org Sent: Friday, January 16, 2009 7:23 AM Subject: Re: [twsocket] NIC list Anyone capturing the session ID will capture the IP you send, too. If you are concerned about security, use https with your cookies. -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] NIC list
You will need to implement some sort of signature along with all your messages. If the actual security requirements are light (i.e. protection against the casual hacker) then you could hash every message combined with a value specific to each client, then include the hash along with the message. On server side, you repeat the process and check the incoming hash against the resulting one. Obviously you will need a value specific to each client, which should be reasonably hard to get for the intruder. To generate one you could use Diffie-Hellman or something similar (in Javascript? over HTTP? auch!) or you could simply send a random value from the client with the first request and hope the intruder was not there to see it :) Please note that this single vulnerable message is only slightly better than no protection at all (the cookie is visible in each request, the random value only once). For any stronger security concerns than the above scenario I would strongly recommend the beaten path, i.e. https, against any home-brewed protocol. HTH. - Original Message - From: scconsulting scconsult...@free.fr To: ICS support mailing twsocket@elists.org Sent: Friday, January 16, 2009 1:57 PM Subject: Re: [twsocket] NIC list Indeed if a spy is observing packets from the beginning of session this will not work, I was certainly drunk when I posted ;) If I don't want to use https , given the fact I control the source of both client and server , is there any alternative mechanism I can use to avoid fake messages from clients ? - Original Message - From: Florin Vancea fvan...@maxiq.ro To: ICS support mailing twsocket@elists.org Sent: Friday, January 16, 2009 7:23 AM Subject: Re: [twsocket] NIC list Anyone capturing the session ID will capture the IP you send, too. If you are concerned about security, use https with your cookies. -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] NIC list
is it possible to retrieve a list of installed NIC's that returns Mac-address, IP and description using ICS ? I've used some routines (all using IpHlpApi.pas) in the past, but I can't get it working properly in D2009 My IP Helper stuff was updated for D2009 last summer: http://www.magsys.co.uk/delphi/magiphlp.asp There will be another version in a day using new APIs for Vista and better. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] NIC list
thanks, I'll check what went wrong here. Paul - Original Message - From: Angus Robertson - Magenta Systems Ltd an...@magsys.co.uk To: twsocket@elists.org Sent: Thursday, January 15, 2009 3:38 PM Subject: Re: [twsocket] NIC list is it possible to retrieve a list of installed NIC's that returns Mac-address, IP and description using ICS ? I've used some routines (all using IpHlpApi.pas) in the past, but I can't get it working properly in D2009 My IP Helper stuff was updated for D2009 last summer: http://www.magsys.co.uk/delphi/magiphlp.asp There will be another version in a day using new APIs for Vista and better. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] NIC list
Hello guys ! Concerning NICs and IP list, is there any way on a web browser (IE7, FF3) to send the local network IP of the client computer to the HTTP server (made with ICS HttpServer) ? (Example: I have 2 computers at home , one is directly connected to internet and has 2 IPs (external and local usually 192.168.0.1), and another with IP 192.168.0.2) Is there a way to send from inside the browser (using Javascript ?) the 192.168.0.x IP to HTTP server and not only the real external IP. I ask this question because I need in a multi player game to identify the IP of each player on the local network (else everyone has the same external IP from the HTTP server point of view). Of course I use also HTTP cookie with a sessionID inside but for security reasons I want to be sure that no one on LAN captured the sessionID of another IP and sends fake messages to server. Thanks ! -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] NIC list
Anyone capturing the session ID will capture the IP you send, too. If you are concerned about security, use https with your cookies. - Original Message - From: scconsulting scconsult...@free.fr To: ICS support mailing twsocket@elists.org Sent: Thursday, January 15, 2009 7:14 PM Subject: Re: [twsocket] NIC list Hello guys ! Concerning NICs and IP list, is there any way on a web browser (IE7, FF3) to send the local network IP of the client computer to the HTTP server (made with ICS HttpServer) ? (Example: I have 2 computers at home , one is directly connected to internet and has 2 IPs (external and local usually 192.168.0.1), and another with IP 192.168.0.2) Is there a way to send from inside the browser (using Javascript ?) the 192.168.0.x IP to HTTP server and not only the real external IP. I ask this question because I need in a multi player game to identify the IP of each player on the local network (else everyone has the same external IP from the HTTP server point of view). Of course I use also HTTP cookie with a sessionID inside but for security reasons I want to be sure that no one on LAN captured the sessionID of another IP and sends fake messages to server. Thanks ! -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be