6 Replies - 415 Views - Last Post: 03 December 2013 - 04:21 PM

#1 Karil

Need help with Client/Server

Posted 28 November 2013 - 08:47 PM

I am planning to return to programming and decided to go further into network programming in C#.

Here are my current thoughts on a support project:

Server: Monitor connected clients (aliases), processes questions/answers per client, and may implement a few other things.

Client 1: User logs in under alias, enters question, and sends to server. Notifies the user when they receive a reply.

*User is allowed one question (prevent spam).

Client 2: Questions are forwarded to this user and they will reply with answers. Has privilege to close the question, if answered.

The real story behind this purpose is...
My role in a game I play is to assist players and answer their questions. I enjoy chatting with them through the game's client, but I wanted to get back into programming and this came to my mind.

Projects I usually made for learning were small and insecure applications. They had a lot of hard coded information (ip addresses, signals, etc).

Any advice for approaching this type of application?
-Security
-Layout

Thank you for your time.


Replies To: Need help with Client/Server

#2 jhouns

Posted 29 November 2013 - 07:51 AM

There are so many ways in which you could do this. Do you want the asker's client (who submits the question, now referred to as AC) to directly connect to you? Or would you prefer it to connect to a server first and assign the question to a list of potential people who could answer it?

Do you want to experiment with web systems using ASP? Or stick with desktop applications only and utilise TCP/IP?

If you can give me that information I can give you a bit more tailored assistance.

EDIT:
This is solely so I can understand what you want to learn about from this experience, there's no use me saying you could take the web route into consideration if you're interested in TCP/IP exclusively and no point in me explaining a multi user 'match up' type system if you just want it to be a direct connection to you.

This post has been edited by jhouns: 29 November 2013 - 07:53 AM


#3 Karil

Posted 29 November 2013 - 11:38 AM

Planning to use desktop applications only with TCP/IP.

Also, I prefer connecting AC to the server and the question will be forwarded to another client who replies.

#4 jhouns

Posted 29 November 2013 - 12:54 PM

Nothing wrong with any of those choices, they're very good things to learn about. I'm going to describe this in 3 parts to give you a more architectural layout.

Part 1) The server
This typically is its own PC, but it doesn't have to be, it can be run on your normal PC alongside your part of the application. All it does is start up, listen on the port that AC application sends messages to and read the packet header (if you get stuck on this you can ask about it later) to get the information, you decide beforehand what that header means, you could say if it's a "1" that it means it's an incoming question or if it's a "2" then it's an answer to a question. You can then write information sent to a console window or text file as a form of logging. But other than that, it just needs to say "OH LOOK! A PACKET! Its header is 1. I need to send this to the CAA (IP Address xxxxxX) on port xxxxx" or "its header is 2, I need to send this to the user as a reply!".

Part 2) The AC
This part is the bit they'll enter questions into. This should be as small as possible and shouldn't need to be installed, that way people are less averse to downloading it. It sounds like you aren't using actual accounts so that makes it a lot easier. It will require knowing what IP address to send the information to and on what port. There are lots of ways to do this, having a textbox to input it, using some form of application settings or whatever. I recommend having a simple text file that holds the information. Then when they type in a name and question and hit that button, it knows where to send the information.

Part 3) Client Answering Application (CAA)
This one listens on the port the server will be forwarding the packets to. It reads the information sent by opening the packet and splitting up the contents (i.e. if it were structured "JHOUNS|HOW DO I DO SUCH AND SUCH?" you would split it at '|' to get the two parts). You can then add it to a listbox, array or whatever you want to show the question. Once you're done answering it, it just has to package up the answer into a packet and send it to the server to be forwarded back to the user.

Please bear in mind that this is a simple view of what's happening.
In order to allow 2 way communication the AC has to send its IP address as well. It should ideally contain these 3 things:
IP Address,
Alias,
Question.

Then when you press reply, and send the message back to the server, the server will know where to forward the IP address to.

Alternatively you could skip the server and just have direct communication between the AC and CAA, which is, again perfectly fine unless you want to have it, say, forwarded to one of many people, or save it to disk if you aren't currently online.

With regards to security concerns, it's good to think about, but not really necessary in this case. Seeing as no confidential information (like passwords) is in use there's not much need to encrypt the packets (which you could do if you wanted) and no real information is stored that's sensitive. The only concern I would have is logging any packets that aren't recognised and/or logging all packets to a text file in case something happens like so:

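// packetHeader is the header value read from the incoming packet
switch (packetHeader)
{
    case 1: // incoming question
        forwardToQuestionAnswerer(packet);
        break;
    case 2: // answer to a question
        forwardToQuestionAsker(packet);
        break;
    default: // anything else: log it
        Console.WriteLine("Unrecognised packet! " + packet.ToString());
        break;
}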



This is all deliberately abstracted and 'fluffy' so that you can get the general idea and work it out for yourself, but if you are confused about any of it or need a more concrete example/base feel free to ask for help.
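Added example, not part of the original posts: one way to parse the header and '|'-delimited body described in post #4 while rejecting malformed input before it is forwarded or logged. The combined wire layout "header|alias|text", the length limits and all type and method names are assumptions.

```csharp
using System;
using System.Linq;
public enum PacketKind { Question = 1, Answer = 2 }   // header values from post #4

public static class PacketParser
{
    const int MaxAlias = 32, MaxText = 500;            // assumed limits

    // Assumed wire layout: "<header>|<alias>|<text>".
    public static bool TryParse(string raw, out PacketKind kind,
                                out string alias, out string text, out string error)
    {
        kind = default; alias = text = error = "";
        // At most 3 parts, so a '|' typed inside the question stays in the text.
        string[] parts = (raw ?? "").Split(new[] { '|' }, 3);
        if (parts.Length != 3) { error = "expected header|alias|text"; return false; }
        if (!int.TryParse(parts[0], out int header) ||
            !Enum.IsDefined(typeof(PacketKind), header))
        { error = "unrecognised header"; return false; }
        if (parts[1].Length == 0 || parts[1].Length > MaxAlias ||
            !parts[1].All(char.IsLetterOrDigit))
        { error = "bad alias"; return false; }
        if (parts[2].Length == 0 || parts[2].Length > MaxText)
        { error = "bad text length"; return false; }
        kind = (PacketKind)header; alias = parts[1]; text = parts[2];
        return true;
    }

    // Replace control characters so a logged packet cannot forge extra log lines.
    public static string ForLog(string s) =>
        new string(s.Select(c => char.IsControl(c) ? '?' : c).ToArray());
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample packets.
        string[] samples = { "1|JHOUNS|HOW DO I DO SUCH AND SUCH?", "1|Karil|a|b",
                             "9|x|y", "2|bad alias!|hi", "1|eve|line1\nFAKE LOG ENTRY" };
        foreach (string raw in samples)
        {
            bool ok = PacketParser.TryParse(raw, out var kind, out var alias,
                                            out var text, out var error);
            Console.WriteLine(ok ? $"{kind} from {alias}: {PacketParser.ForLog(text)}"
                                 : $"rejected ({error}): {PacketParser.ForLog(raw)}");
        }
    }
}
```

For the reply path, a server can take the asker's address from the accepted connection (Socket.RemoteEndPoint) rather than from an IP field supplied inside the packet.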

#5 Skydiver

Posted 29 November 2013 - 04:46 PM

Although there is nothing confidential being transmitted, there is still the concern of a man-in-the-middle attack.

Consider this without MITM:
AC to Server: "Is the earth round?"
Server to CAA: "Is the earth round?"
CAA to Server: "Yes. Done."
Server to AC: "Yes. Done."

Now consider this with Malory as the man in the middle:
AC to Server: "Is the earth round?"
Server to Malory: "Is the earth round?"
Malory to CAA: "Is the earth round?"
CAA to Malory: "Yes. Done."
Malory to Server: "I'll tell you the answer if you give me your credit card number."
Server to AC: "I'll tell you the answer if you give me your credit card number."
AC to Server: "It is 12345678."
Server to Malory: "It is 12345678."
Malory to Server: "No. Done."
Server to AC: "No. Done."

So not only did Malory manage to get a credit card number, he also managed to mislead the asker.

#6 jhouns

Posted 30 November 2013 - 12:20 PM

I see your concern and was mostly weighing up the odds of a MITM attack as a real risk in this scenario. Regardless, you are correct and there are lots of ways to combat it. Firstly you can use simple encryption such as RSA or AES. You can find samples for these around (on my phone will look later for you). Before the packet is sent you can encrypt the body so even if it is intercepted they can't read it. Then the server or answerer can decode

You may also wish to send a hash of the message before and after it was encrypted to double check it wasn't tampered with. Will elaborate when home from this Perl conference.

EDIT: Home now, will leave the above as is though.
Here is a SO of an example of AES (with sources)

You want to do something like this:
String packet = createPacketBody();
packet = Encrypt(packet);
sendPacket(packet);


Then reverse the process on the server to get the information needed before re-encrypting it and forwarding it. That way intercepting it won't give the hacker anything.

Now, the hash thing. Similar to above, but with a couple of additions. Firstly, for fun, you CAN use MD5. But I STRONGLY RECOMMEND AGAINST IT.

Anyway, pressing on.
String packet = createPacketBody();
String packetHash = getHash(packet);
packet = Encrypt(packet);
String encPacketHash = getHash(packet);
packet += "|" + packetHash + "|" + encPacketHash;
sendPacket(packet);


This way, when the packet is received on the server, it can split the packet at "|" and retrieve the hash for the encrypted packet body to check it hasn't changed. After decryption you use the first hash ('packetHash') to verify the decrypted message is the same. This way, you get at least a basic piece of protection, if any of it has changed, throw it away, it's useless.

This post has been edited by jhouns: 30 November 2013 - 03:26 PM

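Added example, not part of the original posts: the appended-hash check from post #6 compared with a keyed HMAC-SHA256 tag, narrowed to the integrity step (encryption is omitted), using the rewritten answer from post #5 as the test case. The class and method names and the out-of-band shared key are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class IntegrityDemo
{
    static byte[] Utf8(string s) => Encoding.UTF8.GetBytes(s);

    // Unkeyed hash as in post #6: anyone who can rewrite the body can recompute it.
    public static string HashTag(string body)
    { using (var h = SHA256.Create()) return Convert.ToBase64String(h.ComputeHash(Utf8(body))); }

    // Keyed tag: computing it requires the key shared by sender and receiver.
    public static string HmacTag(byte[] key, string body)
    { using (var h = new HMACSHA256(key)) return Convert.ToBase64String(h.ComputeHash(Utf8(body))); }

    // Packet layout follows the post: body + "|" + tag. Base64 never contains '|'.
    static bool Split(string packet, out string body, out string tag)
    {
        int i = packet.LastIndexOf('|');
        body = i < 0 ? "" : packet.Substring(0, i);
        tag = i < 0 ? "" : packet.Substring(i + 1);
        return i >= 0;
    }

    public static bool VerifyHash(string packet) =>
        Split(packet, out var body, out var tag) && tag == HashTag(body);

    public static bool VerifyHmac(byte[] key, string packet) =>
        Split(packet, out var body, out var tag) &&
        CryptographicOperations.FixedTimeEquals(Utf8(tag), Utf8(HmacTag(key, body)));

    public static void Main()
    {
        byte[] key = new byte[32];
        RandomNumberGenerator.Fill(key);   // assumption: key is shared out of band

        // A relay without the key rewrites the answer and attaches a fresh hash.
        string rewritten = "No. Done.";
        Console.WriteLine("hash check accepts rewritten answer: " +
            VerifyHash(rewritten + "|" + HashTag(rewritten)));

        string sent = "Yes. Done." + "|" + HmacTag(key, "Yes. Done.");
        string altered = rewritten + sent.Substring(sent.LastIndexOf('|'));
        Console.WriteLine("HMAC check accepts original: " + VerifyHmac(key, sent));
        Console.WriteLine("HMAC check accepts altered:  " + VerifyHmac(key, altered));
    }
}
```

The same reasoning applies to an unkeyed hash of the encrypted body. Running the connection over TLS (SslStream in .NET) or using an authenticated cipher mode provides confidentiality and integrity together.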

#7 Karil

Posted 03 December 2013 - 04:21 PM

Thank you guys for helping me.

Had time this weekend to start working on the client/server, but need to look into hashing, salting, and the AES encryption that was provided.