On Sep 12, 2005, at 11:26 AM, Frank Millman wrote:

> If I move all the authentication and business logic to a program which
> runs on the server, it is up to the system administrator to ensure that
> only authorised people have read/write/execute privileges on that
> program. Clients will have no privileges, not even execute. They will
> have their own client program, which has to connect to my server
> program, and communicate with it in predefined ways. I *think* that in
> this way I can ensure that they cannot do anything outside the bounds
> of what I allow them.

I think you have no choice but to do this. Even if you package up the program in an unmodifiable form, a competent user with a packet sniffer or even standard OS utilities can determine where you are connecting and bypass your security/logic. Only if the logic is implemented at a point beyond the user's reach can you be ensured of logic integrity.

-Michael
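
The server-side enforcement discussed in this message, as an added example that is not part of the original thread or either poster's code: a request handler that treats every incoming message as untrusted, authenticates it, and permits only predefined operations. The account names, operation names and JSON message layout are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets

SERVER_KEY = secrets.token_bytes(32)          # never leaves the server
USERS = {"alice": "clerk", "bob": "manager"}  # constructed sample accounts
# Predefined operations and the roles allowed to call them (hypothetical names).
OPERATIONS = {
    "read_invoice": {"clerk", "manager"},
    "approve_invoice": {"manager"},
}

def issue_token(user):
    """Issued by the server after a successful login (password check omitted)."""
    mac = hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}:{mac}"

def _authenticate(token):
    user, _, mac = str(token).partition(":")
    expected = hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()
    if user in USERS and hmac.compare_digest(mac.encode(), expected.encode()):
        return user
    return None

def handle_request(raw):
    """Server entry point: every byte of `raw` is untrusted input."""
    try:
        msg = json.loads(raw)
    except ValueError:
        return {"ok": False, "error": "malformed"}
    if not isinstance(msg, dict):
        return {"ok": False, "error": "malformed"}
    user = _authenticate(msg.get("token", ""))
    if user is None:
        return {"ok": False, "error": "unauthenticated"}
    op = msg.get("op")
    if not isinstance(op, str) or op not in OPERATIONS:
        return {"ok": False, "error": "unknown operation"}
    # The role is looked up in server-side state; a "role" field in the
    # message is ignored, so a hand-crafted request gains nothing by adding one.
    if USERS[user] not in OPERATIONS[op]:
        return {"ok": False, "error": "forbidden"}
    return {"ok": True, "op": op, "user": user}
```

The checks hold whether the request comes from the supplied client program or is written by hand, because none of them depend on anything the client asserts about itself.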