Sivan Greenberg wrote:
Hi list,
I'm developing and application that sends very small amounts of data
over HTTP ReST to an http server, and want to restrict request to
those only coming from the device itself (the N900 running
Maemo/MeeGo). This will be of-course complemented with a user login
and limitation of how many "pings" such a user can do to the server a
day.
What would be the way to achieve this? Has anyone done/ tried
something like this before? (I thought about reading some hardware
identified off the device, but then again- how do I make sure an IMEI
is an RX-51 one?
Several issues occur.
Firstly - why on earth do you care?
If a user is authenticated, why does it matter if they are breaking any
agreements they may have made with you to only access content on their n900.
Bearing in mind that the absolute maximum possible deterrance is the
cost of a 'new' n900 on ebay.
The silly hack that comes to mind is to go to the firmware download
page, and use that as an authenticator, but that would be insane.
Also - as a user, I would be hesitant at giving out my IMEI.
While there are few risks at the moment, open-source GSM platforms are
becoming available to the hacker community, and the protocol was not
really designed for security.
I will note that http://www.omniqueue.com/ shows a pleasing sparseness
of design, that many websites would do well to imitate.
No flash ads, no slow javascript, and at 0 bytes, quick to transfer!
_______________________________________________
maemo-developers mailing list
maemo-developers@maemo.org
https://lists.maemo.org/mailman/listinfo/maemo-developers
