Use socket Connection as User Identity

Question

I'm creating a Java TCP socket server (java.net.Socket) using one thread for each client connection.
I would like to know if I can authenticate the user by his connection, or would it be a lack of security?

At the moment, to verify if a thread connection can access a specific app resource, I'm verifying the identity like this:

public boolean Authenticate()
{
    return Thread.currentThread().getId() == this.userThread.getId();
}

Answer 1

Score: 2

No.

The connection itself is not a certain identity.
It is only communication and the underlying infrastructure to transport the data.
To validate a user you need to implement something that sends a unique identifier.

Threads are created at connection time and will change from connection to connection even if it is the same "user" connecting.

Securing the identity of a user is done at application layer (see OSI model) while communication is done on various levels below.

To this you can add encryption to make the communication secure.
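
As an added example (not code from the question or the answer), here is one way to do what the answer describes: the client sends an identifier plus a secret as its first message, and the server derives the principal from that credential for the connection instead of comparing thread IDs. The class name, the `AUTH <user> <token>` line format and the sample token are assumptions made up for this sketch; in real use the socket would be a TLS socket so the token does not travel in clear text.

```java
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;

public class ConnectionAuthDemo {
    // Constructed sample credential store: user -> SHA-256 of that user's secret token.
    static final Map<String, byte[]> TOKEN_HASHES = Map.of("alice", sha256("constructed-sample-token"));
    static byte[] sha256(String s) {
        try { return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8)); }
        catch (Exception e) { throw new IllegalStateException(e); }
    }
    // Returns the authenticated user name, or null. Expected first line: "AUTH <user> <token>".
    static String authenticate(String line) {
        String[] p = line == null ? new String[0] : line.split(" ", 3);
        if (p.length != 3 || !p[0].equals("AUTH")) return null;
        byte[] expected = TOKEN_HASHES.get(p[1]);
        // MessageDigest.isEqual compares the two digests in constant time.
        return expected != null && MessageDigest.isEqual(expected, sha256(p[2])) ? p[1] : null;
    }
    // One handler per connection; the principal comes from the credential, not from the thread.
    static void handle(Socket s) {
        try (s; BufferedReader in = new BufferedReader(new InputStreamReader(s.getInputStream(), StandardCharsets.UTF_8));
             PrintWriter out = new PrintWriter(new OutputStreamWriter(s.getOutputStream(), StandardCharsets.UTF_8), true)) {
            String principal = authenticate(in.readLine());
            out.println(principal == null ? "DENIED" : "OK " + principal);
        } catch (IOException e) { /* connection dropped before or during authentication */ }
    }
    static String client(int port, String firstLine) throws IOException {
        try (Socket s = new Socket(InetAddress.getLoopbackAddress(), port);
             PrintWriter out = new PrintWriter(new OutputStreamWriter(s.getOutputStream(), StandardCharsets.UTF_8), true);
             BufferedReader in = new BufferedReader(new InputStreamReader(s.getInputStream(), StandardCharsets.UTF_8))) {
            out.println(firstLine);
            return in.readLine();
        }
    }
    public static void main(String[] args) throws Exception {
        try (ServerSocket server = new ServerSocket(0, 50, InetAddress.getLoopbackAddress())) {
            Thread acceptor = new Thread(() -> {
                try { while (true) { Socket s = server.accept(); new Thread(() -> handle(s)).start(); } }
                catch (IOException closed) { /* server socket closed: stop accepting */ }
            });
            acceptor.start();
            System.out.println(client(server.getLocalPort(), "AUTH alice wrong-token"));
            System.out.println(client(server.getLocalPort(), "AUTH alice constructed-sample-token"));
        }
    }
}
```

Each connection is served by a different thread, yet the second one is accepted as the same user because the decision depends only on the credential it presented.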

huangapple
  • Posted on October 7, 2020, 15:52:06
  • When reposting, please keep the link to this article: https://go.coder-hub.com/64239620.html