mIRC Home    About    Download    Register    News    Help

Forums Active Threads Search Who's Online Help
Print Thread
Design problem
#52607 05/10/03 05:24 PM
Joined: Feb 2003
Posts: 309
Adelaide, Australia
C
CloCkWeRX Offline OP
Fjord artisan
OP Offline
CloCkWeRX
Fjord artisan
C
Joined: Feb 2003
Posts: 309
Adelaide, Australia
OK it aint mirc related. I figured that some of you bright cookies might find an answer anyway.

I have a p2p network. I have central 'account keeping' servers, whcih provide a SOAP interface, basically a database with security.
The p2p network is made up of VoIP clients. The VoIP clients send data back and forth, and make OUTSIDE phone calls.
What I want to do is think of a way of assigning credit to a client's account whenever they make an outside phonecall for someone else.
Trouble is, this is all opensource whichc means that any encryption/checksums etc i do to make sure data isn't faked are all known, and theoretically easily faked by simply compiling a different version fo the client.
CAN anyone suggest a way, without using my server's precious bandwidth, to assign credit to client's accounts in a way that is NIGH ON impossible to fake.

http://www.ahsonline.com.au/dod/FOAF.rdf
Re: Design problem
#52608 05/10/03 05:37 PM
Joined: Dec 2002
Posts: 2,809
C
codemastr Offline
Hoopy frood
Offline
codemastr
Hoopy frood
C
Joined: Dec 2002
Posts: 2,809
Why does opensource matter? Have the user enter in an encryption key on his/her own. Then it doesn't appear anywhere in the source code.

Re: Design problem
#52609 12/10/03 04:37 AM
Joined: Feb 2003
Posts: 309
Adelaide, Australia
C
CloCkWeRX Offline OP
Fjord artisan
OP Offline
CloCkWeRX
Fjord artisan
C
Joined: Feb 2003
Posts: 309
Adelaide, Australia
*finally checks this thread again*
the opensource element matters because:
Its a VoIP client/phone dialer that logs phone call info and sends the data back to the server.

If its opensource, you could simply (and easily) remove phone dialing elements and replace them with dummy functions; and compiling your own client. This client then can make a 'phonecall' which doesn't actually do any dialing (therefore costs nothing) but still can look 100% authentic in claiming that it just earnt 20 minutes credit.


But no matter, after some thought I've come up with a REASONABLE solution - make the RMI calls between client and server include a request for certain bytes @ random from teh .exe
Kinda like the old games which said 'line 7 page 22 of manual, 57th character'
That way at least, if the source code is recompiled as outlined above the server has a chance of detecting an imposter, as the server would keep a copy of the .exe on hand too to verify against.
then tehre would be no need for encrypting the information

its still possible to fake, requiring another copy of the program and changing all the references from 'this .exe' to 'that .exe', but its better than nothing i suppose *sihg*.

http://www.ahsonline.com.au/dod/FOAF.rdf

Link Copied to Clipboard
Forum Rules · Mark All Read Contact Us · Help · mIRC Homepage