I am making a private server for a game, and I need to redirect all requests from http://crossfire.z8games.com/ to (let's say) http://cfire.v1k.me/ but only while the redirection program is running. I need some suggestions and what language this is best done (in java/c++, etc.)
I don't want to hex edit program, because I want the user to easily switch between my server and the original server.
So, again, I want some suggestions and code examples on how to simply redirect xxx.xx to yyy.yy with a simple application without modifying the hosts file.
You can use Java's HttpURLConnection to check for an error when connecting to the first url. If an error happens, then you try the second one.
Here's an example that shows how to connect to one url. In the catch blocks, that's where you should try to connect to the second url.
Related
Application use: I am creating a connection between a tablet and a desktop. This tablet will send command to my desktop that my java app will then interpret and do accordingly. One of these features I would like to include is controlling Skype. Such as focusing on it. Switching chats. Initiating call. Sending message. ect. But I can't seem get the URI api to work. (This is the only known api that will allow me to initiate calls and chats, so if you know of any other. Please do tell.)
I am not sure If I am doing it right being that this is my first time using a URI ever. This is what I have using
import java.net.URI
public void uriTest(){
try{
URI uri = URI.create("skype:echo123?call");
}catch(Exception ex){
ex.printStackTrace();
}
}
What am I missing? I know it is probably a lot. Is there some sort of way to implement it. Or when you call .create() does it automatically do it for you?
Any help or clarification will be greatly appreciated.
Your code constucted an URI and now you have one, nothing more, nothing less. An URI is - as the name "Universsal Resource Identifier" says - just an identifier.
What you probably want to do is establish a connection to a location identified by that URI. So you need a special identifier, a so-called "Universal Resource Locator" or URL:
URL url = new URL("skype:echo123?call");
Still nothing happening since we only defined a location. Next you have to connect to it:
URLConnection conn = url.openConnection();
Now you got an URLConnection-object (in this case a HttpURLConnection) and you can operate with it: post data, read responses etc. Read up on the API of java.net.HttpURLConnection to learn more.
You should write a web application, and deploy it on a web server program such as Tomcat, on your desktop machine. You can then write an app on your tablet which would connect to the server and send commands to the server.
The web application could parse the commands and do something with Skype application running on the desktop.
You would probably write a JSON api and deploy it on the Tomcat server, and then invoke the JSON api from the tablet app.
I'm building an android application which uses a PHP web service (I am building this also).
My question is, how do I prevent unauthorised users using my webservice? For example, could someone get the address of my web service and use it outside of my app (e.g. sending post variables to my service)?
Another related question is how do I prevent spam requests on my webservice? Would it be a case of logging the IP address and limiting the amount of calls?
You can use an HTTPS connection between the Android device and your webservice API endpoint.
Limit you webservice so that it accept only HTTPS connections. You can easily do this using Apache (perhaps using the SSLRequireSSL directive) or directly in your PHP connection handler.
While using an HTTPS transport stream, you can pass specific arguments when making an API call to your webservice to ensure the request has been sent from your application. Nobody will be able to know what specific data are transmitted and will not be able to reproduce an acceptable connection to your remote service.
Regarding your second question, you can indeed limit the number of requests for a given amount of time. Either in PHP or by using specific tools such as fail2ban.
PHP can receive data via POST or GET out of your site and even the internet browser. One of the methods used to do this is by curl.
To what are you referring to this question is known as Cross-site request forgery.
If you are able, you should implement the use of HTTPS in your app and this could solve many security problems.
In case you can not use HTTPS (whether it is expensive or any other problem):
You must verify the information received by POST or GET in your PHP, this language has much ability to solve these "problems"; Take a look at this part of the PHP official documentation.
Suppose you're building a login system:
Also you can add in the login page place a hidden element with secret unique code that can happend only once, save this secret code in session, so, the loging script look in session for this code, compare with what was posted to the script, should same to proceed.
And, if you want to get the IP address of your visitors:
function getRealIpAddr()
{
if (!empty($_SERVER['HTTP_CLIENT_IP'])) //check ip from share internet
{
$ip=$_SERVER['HTTP_CLIENT_IP'];
}
elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) //to check ip is pass from proxy
{
$ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
}
else
{
$ip=$_SERVER['REMOTE_ADDR'];
}
return $ip;
}
Finally, read this.
EDIT
If you can't pay an HTTPS certificate, (as Halim Qarroum says) you can use:
Self signed SSL certificates,
which are free.
Of course this has its advantages and disadvantages
I need a secure way to send information from a Java application to a database for my website. I currently have a PHP page on the server that accepts the parameters posted from a URLConnection in Java, and then updates the database. My fear is that, if somebody decompiles it, they can see the exact URL and parameters. I am new to this type of development, so I don't know a better/safer way to do it.
What is a better or safer way to get the data to the database?
If you want to give the application access to the database then you can never 100% prevent any application simulating the behaviour of your application from having the same access. period. You can only make your pattern harder to be found.
Better is letting your server (in this case your php-document) validate each and every input it gets so that bad behaviour is excluded. Let the php generate querys and let the client-application only send the data needed like username, password or other information. in your php, you have to be prepared, that everything could be send, not only data you expect. Use prepared statements to prevent sql-injections and use regex to sanitise any input given.
If I understood well, you're afraid that someone will find out from your code url, username and password and connect to the database with these parameters. You can prevent that misbehaviour on network layer (i.e. allowing only your IP address to access the database by configuring firewall) or, if you cannot alter firewall/router configuration then change the database configuration. For example, PostgreSQL has a file pg_hba.conf where you can specify list of IP addresses that are allowed to access. However, you must prevent other vulnerabilites like SQL injection that use your connection to the database.
From the sounds it, your using a Java program to connect to your PHP/server. If your worried about the security of the connection, you could establish a SSL connection using HTTPS (example here)
You could also establish a challenge/response protocol, where the server requests some kind of key from the client, this could use a rolling series of public/private keys with the message encrypted with these to further reduce the chance of a false input request
Actually Iam writing a plugin for an java app that comes in two flavours 1.)as executable and 2.) can be launched from a webpage as an applet.
At some point I needed a custom form that displays various data from an oracle database. I build that form and the class that does the jdbc query needed.
Now when it comes to the executable the form pops up correctly with the expected results, but when I try to call it from the applet it launches with all fields empty and no error whats so ever.
The only thing I can think of is that due to the asychronous nature of the web, the form pops up before the query returns the result.
If that is true, is there a workaround?
I believe that you just catch exceptions and therefore do not see them. Or just do not know where to search for them. Did you open applet console? I believe that you will find some exception there.
Applet is not different from application. Applet just has security restrictions. It cannot perform TCP connection to server other than one it was downloaded from. And important: the security check is pretty stupid. It is based on string comparison. It just compares host names of applet base and the host name of host where you want to connect. If for example your host name is myhost.mycompany.com and its IP is 200.201.202.203 you have to use either DNS name or IP address in both places even if ping of DNS name returns your IP adderess. Check this and I hope everything will work.
BTW, do you probably know that you are using "old", "obsolete" design? This is the beginning of 90s design. People switched to N-tier architecture ~12 years ago, so, to improve your solution you should implement DB access on server side and talk to server via some kind of protocol, e.g. rest API.
I have two users in my machine and I'm running a code that opens a ServerSocket on a specific port via an ajax call. What I'm trying to do is detect which user has opened the Socket.
For example: I'm current logged in with user "admin".
So, I make an ajax call and it opens the ServerSocket. If I run System.getProperty("user.name") it returns "admin" as expected.
But, when I change user to "lucas" and try to make an ajax call to the server, when I run System.getProperty("user.name") it stills return "admin" probably because the code is running on that user.
Knowing this, is there any way I could tell my server which user is making the ajax call?
Briefly, no. A socket has no information about who has opened it. You could track the host that has opened it, and that may be of use if you have a host/user mapping, but what I really think you want is some form of authentication for your clients. In that scenario, your user will open a socket and be challenged for identifying info. That will allow you to determine the user from the server's perspective.