远程激活/停用并防止停业
我负责一个使用互联网在站点之间传输数据的应用程序,一些客户不愿意付款,因此我们需要一种机制来切断非付款者的服务。 我想防止管理员使用防火墙来阻止我们的检查,但相反,我想为我们公司网站因某种原因消失且无法访问而给予一些允许。
我想象的方案是:
server makes twice daily check to web page using a URL like:
http://www.ourcompany.com/check.php?myID=GUID&Code=MyCode
然后返回一个响应,其中不包含任何感兴趣的内容,或者包含 GUID 和值。
GUID=0
该零表示服务器应该停止运行。 为了使其再次工作,服务器将每 5 分钟检查一次相同的信息,直到该值与其认为传入的代码应转换为的值相匹配。
这个方案对我来说很有意义,但问题实际上是如何防止阻塞。 鉴于我们知道我们必须能够访问互联网,那么在无法从网络服务器获得响应的情况下,我们应该继续运行多长时间? 大约 14 天,然后我们就将其关闭,这是最好的方法吗?
I'm in charge of an app that uses the internet to transfer data between sites, and some customers are being awkward about paying, so we need a mechanism that will allow us to cut off the service of non-payers. I'd like to protect against the admin people using firewalls to block off our checks, but conversely I'd like to give some allowance for our company web site disappearing for some reason and not being accessible.
The scheme I'm imagining is:
server makes twice daily check to web page using a URL like:
http://www.ourcompany.com/check.php?myID=GUID&Code=MyCode
This then returns a response that contains either nothing of interest, or the GUID and a value.
GUID=0
That zero indicates that the server should stop operation. To make it work again, the server will check every 5 mins for the same info, until the value matches what it thinks the code that it passed in should be transformed to.
This scheme makes sense to me, but the question really is how to protect against blocking. Given we know we must have internet access, how long should we continue to operate without being able to get the response from our web server? Is something like 14 days and then we just shut it off anyway the best way?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
我最终使用的解决方案与我建议的差不多。 是的,使用此处概述的工具可以击败它,但总比没有好。
该应用程序每天检查是否访问包含使用公钥加密进行加密的控制文件的网站。 它在内存中解密,如果找到其 GUID,则它必须与代码匹配。 要禁用该操作,请将代码设置为 0(零),这将始终失败。 禁用时,它每两分钟检查一次以允许快速恢复。 还有一种手动机制可以生成代码,该代码可以在服务器出现故障时运行一周。
该代码最多允许 14 天不连接到服务器,然后才会将此视为故意尝试阻止。 10 天后,它会显示一条错误消息,要求他们联系支持人员。
The solution I used in the end was pretty much as I suggested. Yes, it is defeatable using tools outlined here, but it is better than nothing.
The app checks daily to access a web site that contains a control file encrypted using public key encryption. It decrypts in memory, and if it finds its GUID, then it must match a code. To disable the operation, the code is set to 0 (zero) which will always fail. When disabled, it checks every two minutes to allow rapid restoration. There is also a manual mechanism to generate a code that will work for a week in case of server trouble.
The code will allow up to 14 days without connecting to the server before it takes this as a deliberate attempt to block it. After 10 days, it shows an error message which asks them to contact support.
这种方法很容易绕过:只需使用本地 dns 服务器将 www.ourcompany.com 指向本地计算机,或使用 http 代理即可。 然后用户可以向程序返回他们想要的任何响应。
假设用户没有规避检查,那么在没有确认的情况下继续操作多长时间是业务决策而不是编程决策。
This method is really easy to circumvent: just use a local dns server to point www.ourcompany.com to the local machine, or use a http proxy. Then the user can return whatever response they want to the program.
Assuming the user hasn't circumvented the check, how long you are to continue to operate without confirmation is a business decision and not a programming decision.
用户可以使用 OWASP WebScarab 等工具动态更改值以破坏您的安全模型。 您需要包括一些更困难的内容,例如需要安全通道、比较公钥等。
A user can use a tool such as OWASP WebScarab to change values on the fly to subvert your security model. You need to include something more difficult such as requiring a secure channel, comparing public key and so on.