
validating client in socket communication

Hi,
I am using asynchronous client/server communication. Whenever a
client is getting connected to the server the corresponding socket is
added to the list. I want to validate whether the client is really a
valid one, for that every client will send some command to server for
validation. But the thing is if the client is invalid server will not
receive the command at all so the socket will be kept open how should
I identify that socket and close that invalid socket?

thanks in advance.
Oct 23 '08 #1
On Wed, 22 Oct 2008 22:47:10 -0700, Nash <je******@gmail.com> wrote:
> Hi,
> I am using asynchronous client/server communication. Whenever a
> client is getting connected to the server the corresponding socket is
> added to the list. I want to validate whether the client is really a
> valid one, for that every client will send some command to server for
> validation. But the thing is if the client is invalid server will not
> receive the command at all so the socket will be kept open how should
> I identify that socket and close that invalid socket?

I am having trouble understanding your description. In what way can a
client be "invalid" in a way that manages to leave the connection open and
yet fails to transmit your command to the server? How is the client
failing a validation step without sending the command that is supposed to
validate it?

As always, a concise-but-complete code example would be _much_ better as a
way of describing your problem.

Pete
Oct 23 '08 #2
On Oct 23, 12:25 pm, "Peter Duniho" <NpOeStPe...@nnowslpianmk.com> wrote:
> On Wed, 22 Oct 2008 22:47:10 -0700, Nash <jeevs...@gmail.com> wrote:
>> Hi,
>> I am using asynchronous client/server communication. Whenever a
>> client is getting connected to the server the corresponding socket is
>> added to the list. I want to validate whether the client is really a
>> valid one, for that every client will send some command to server for
>> validation. But the thing is if the client is invalid server will not
>> receive the command at all so the socket will be kept open how should
>> I identify that socket and close that invalid socket?
>
> I am having trouble understanding your description. In what way can a
> client be "invalid" in a way that manages to leave the connection open and
> yet fails to transmit your command to the server? How is the client
> failing a validation step without sending the command that is supposed to
> validate it?
>
> As always, a concise-but-complete code example would be _much_ better as a
> way of describing your problem.
>
> Pete

thanks pete for your response.

what I meant by invalid is some unauthorized client. if someone knows
the ip and port number where server is listening for incoming
connections, they can write a code to connect to the server right.
I want to prevent it, for that what I thought is every authorized
client will send some valid command with which server will validate. so
server will always send some data to the authorized client. but the
problem is the hacker program will not send any command for
authorization so that socket will not be closed at all.

is there any other strategy I should follow to authorize the clients
Nov 3 '08 #3
On Sun, 02 Nov 2008 22:09:52 -0800, Nash <je******@gmail.com> wrote:
> what I meant by invalid is some unauthorized client. if someone knows
> the ip and port number where server is listening for incoming
> connections, they can write a code to connect to the server right.
> I want to prevent it, for that what I thought is every authorized
> client will send some valid command with which server will validate. so
> server will always send some data to the authorized client. but the
> problem is the hacker program will not send any command for
> authorization so that socket will not be closed at all.

What kind of hacker are you expecting? Will they send _any_ data? If
not, then other than a denial-of-service attack, what would that hacker
expect to accomplish?

> is there any other strategy I should follow to authorize the clients

It really depends on your application protocol. It's entirely possible,
depending on your security needs, that it's sufficient that the client
simply provide valid data. A custom protocol is unlikely to be known by a
hacker, and so they're not going to send valid data.

If you have a custom protocol but data that is sensitive, then
yes...you'll probably want to add a layer of security on top of that.
That way a hacker specifically targeting your server but who is actually
aware of the protocol specifics still won't be able to get data. But, you
should just make the authentication part of the protocol. Any client who
attempts any operation except the authentication step would be dropped.

That then leaves denial-of-service attacks as your main vulnerability.
But that's not something you're going to be able to defend against in your
server. The best you can do there is timeout a connection if there's no
activity after a certain amount of time, but all that does is help the
server clean up from errors, dropped connections, etc.

There's no way to set a timeout that is short enough to deal with DoS and
yet allows a legitimate client to connect. In the server, you could keep
a list of rejected IP addresses (e.g. clients that have been timed out
recently, more than a certain number of times), but a) that may result in
legitimate clients with poor network connections getting wrongly rejected,
and b) you're still going to be limited by how fast your server can reject
connections. DoS attacks are a whole other level of security issue, and
frankly this newsgroup really isn't the best place to learn how to deal
with them.

Pete
Nov 3 '08 #4
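
One way to implement what the reply above describes (authentication as the mandatory first protocol step, plus a deadline so that connections which never send it get closed), as an added example that is not code from the thread: the server sends a random nonce and the client must answer with HMAC-SHA256 over it before the deadline. The challenge-response scheme, the placeholder pre-shared key, port 9000 and the 5-second deadline are assumptions, and the code targets .NET 7 or later.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Sockets;
using System.Security.Cryptography;
using System.Threading;
using System.Threading.Tasks;

static class AuthGateServer
{
    // Assumed values: placeholder pre-shared key, port 9000, 5-second deadline.
    static readonly byte[] SharedKey = Convert.FromHexString("000102030405060708090a0b0c0d0e0f");
    static readonly TimeSpan AuthDeadline = TimeSpan.FromSeconds(5);

    static async Task Main()
    {
        var listener = new TcpListener(IPAddress.Loopback, 9000);
        listener.Start();
        while (true) // one slow client must never stall the accept loop
            _ = HandleAsync(await listener.AcceptTcpClientAsync());
    }

    static async Task HandleAsync(TcpClient client)
    {
        using var conn = client; // socket is closed on every exit path below
        using var cts = new CancellationTokenSource(AuthDeadline); // covers the whole handshake
        try
        {
            NetworkStream stream = conn.GetStream();
            byte[] nonce = RandomNumberGenerator.GetBytes(16); // fresh per connection
            await stream.WriteAsync(nonce, cts.Token);
            byte[] reply = new byte[32]; // first message must be HMAC-SHA256(key, nonce)
            await stream.ReadExactlyAsync(reply, cts.Token);
            byte[] expected = HMACSHA256.HashData(SharedKey, nonce);
            if (!CryptographicOperations.FixedTimeEquals(reply, expected))
                return; // anything but a valid proof: drop the connection
            await ServeAsync(stream);
        }
        catch (Exception e) when (e is OperationCanceledException or IOException) { }
        // Silent, stalled or disconnected clients end up here and are closed.
    }

    // Hypothetical stand-in for the application's real protocol: a plain echo.
    static async Task ServeAsync(NetworkStream stream)
    {
        var buf = new byte[4096];
        int n;
        while ((n = await stream.ReadAsync(buf)) > 0)
            await stream.WriteAsync(buf.AsMemory(0, n));
    }
}
```

A client that connects and stays silent is disconnected when `AuthDeadline` expires, which handles the cleanup case from the question; as the reply says, it does not make the server resistant to a connection flood.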
On Nov 3, 1:49 pm, "Peter Duniho" <NpOeStPe...@nnowslpianmk.com> wrote:
> On Sun, 02 Nov 2008 22:09:52 -0800, Nash <jeevs...@gmail.com> wrote:
>> what I meant by invalid is some unauthorized client. if someone knows
>> the ip and port number where server is listening for incoming
>> connections, they can write a code to connect to the server right.
>> I want to prevent it, for that what I thought is every authorized
>> client will send some valid command with which server will validate. so
>> server will always send some data to the authorized client. but the
>> problem is the hacker program will not send any command for
>> authorization so that socket will not be closed at all.
>
> What kind of hacker are you expecting? Will they send _any_ data? If
> not, then other than a denial-of-service attack, what would that hacker
> expect to accomplish?
>
>> is there any other strategy I should follow to authorize the clients
>
> It really depends on your application protocol. It's entirely possible,
> depending on your security needs, that it's sufficient that the client
> simply provide valid data. A custom protocol is unlikely to be known by a
> hacker, and so they're not going to send valid data.
>
> If you have a custom protocol but data that is sensitive, then
> yes...you'll probably want to add a layer of security on top of that.
> That way a hacker specifically targeting your server but who is actually
> aware of the protocol specifics still won't be able to get data. But, you
> should just make the authentication part of the protocol. Any client who
> attempts any operation except the authentication step would be dropped.
>
> That then leaves denial-of-service attacks as your main vulnerability.
> But that's not something you're going to be able to defend against in your
> server. The best you can do there is timeout a connection if there's no
> activity after a certain amount of time, but all that does is help the
> server clean up from errors, dropped connections, etc.
>
> There's no way to set a timeout that is short enough to deal with DoS and
> yet allows a legitimate client to connect. In the server, you could keep
> a list of rejected IP addresses (e.g. clients that have been timed out
> recently, more than a certain number of times), but a) that may result in
> legitimate clients with poor network connections getting wrongly rejected,
> and b) you're still going to be limited by how fast your server can reject
> connections. DoS attacks are a whole other level of security issue, and
> frankly this newsgroup really isn't the best place to learn how to deal
> with them.
>
> Pete

Thanks pete for your valuable reply.

I have another question in sockets. my requirement is like a server
that can handle 1 million clients. is it possible to have 1 million
sockets kept open throughout or shall the client open the connection
whenever it needs to send data and close it, will there be any
overhead in this process than keeping the connection open forever?
Nov 3 '08 #5
On Mon, 03 Nov 2008 02:40:12 -0800, Nash <je******@gmail.com> wrote:
> I have another question in sockets. my requirement is like a server
> that can handle 1 million clients. is it possible to have 1 million
> sockets kept open throughout or shall the client open the connection
> whenever it needs to send data and close it, will there be any
> overhead in this process than keeping the connection open forever?

There certainly is significant overhead for each socket that you keep
open. But, performance-wise there is even more overhead opening and
closing connections between the server and the same client over and over.
Unless clients only communicate with the server very infrequently, you
should just keep their connections open.

That said, a server supporting 1 million sockets is going to have to get
_everything_ right. Even at hundreds of thousands of sockets, only by
being very careful about your code can you achieve acceptable throughput.
For 1 million, on top of coding everything perfectly, you'll need a
computer with lots of i/o bandwidth, lots of CPUs, a huge amount of
memory, and a way to service each client i/o operation extremely quickly.

Just being able to keep the sockets open is only a small part of the
battle. Note, of course, that unless you maintain very tiny buffers
(which will be terrible for performance), you're going to need 64-bit
Windows to support that many sockets. (Actually, you might need that many
anyway...I don't have first-hand experience implementing something that
large, so can't say for sure it'd work for you under any circumstances on
32-bit Windows).

If you want to scale up that large on a single server, you should
definitely be looking at the newest Socket APIs for asynchronous i/o.
That is, the methods ending in the word "Async". These are even more
efficient than the previous async methods (methods starting with the word
"Begin"), and I believe that you have no hope of supporting 1 million
simultaneous clients without them, not in .NET anyway.

That's all assuming you can get it to work at that scale at all. I've
only heard of servers at that scale in shops where experts at network i/o
are doing the programming; it's not for the faint of heart, that's for
sure. :)

Pete
Nov 3 '08 #6
