英文:
Use socket Connection as User Identity
问题
我正在创建一个Java TCP套接字服务器(java.net.Socket),为每个客户端连接使用一个线程。
我想知道是否可以通过用户的连接对其进行身份验证,还是会缺乏安全性?
目前,为了验证线程连接是否可以访问特定的应用程序资源,我是这样验证身份的:
public boolean Authenticate()
{
return Thread.currentThread().getId() == this.userThread.getId();
}
英文:
I´m creating a Java TCP socket server (java.net.Socket) using one thread for each client connection.
I would like to know if I can authenticate the user by his connection. or would it be a lack of security?
at the moment to verify if a thread connection can access a specific app resource, I`m verifying the identity like this:
public boolean Authenticate()
{
return Thread.currentThread().getId() == this.userThread.getId();
}
答案1
得分: 2
不是。
连接本身并不是一个确定的身份。它只是用于传输数据的通信和底层基础设施。要验证用户,您需要实现发送唯一标识符的功能。
线程在连接时创建,并且即使是相同的“用户”连接,它们也会在连接之间更改。
保护用户的身份是在应用层进行的(请参见OSI模型),而通信是在下面的各个级别上进行的。
您可以添加加密以使通信更加安全。
英文:
No.
The connection it self is not a certain identity.
It is only communication and the underlying infrastructure to transport the data.
To validate a user you need to implement something that sends a unique identifier.
Threads are created at connection time and will change from connection to connection even if it is the same "user" connecting.
Securing the identity of a user is done at application layer (see OSI model) while communication is done on various levels below.
To this you can add the encryption to make the communication secure.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论