Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
416 views
in Technique[技术] by (71.8m points)

c# - How to ensure a .Net application is genuine?

In a client-server application how can the server know that a request comes from a genuine application and not from a tampered copy of it? I still haven't developed neither the client nor the server application. The solution may be plain socket, wcf, IIS hosted or whatever.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

There really isn't a way. Anything you could ask for the app to provide, a rogue app could spoof. Ultimately the answer is that you shouldn't trust any client application. You can trust users provided they've authenticated, but the client itself is 100% untrustworthy.

To illustrate this completely, I could run all of the traffic through a proxy server and inject/remove messages at will. Then you've got a legitimate client with spurious messages.

Now if you're talking about a library that you plan on using on a client, making sure it hasn't been tampered with, that's what strong naming assemblies is for. But that wouldn't help you over the wire.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...