rvkvino
Need to know the logic behind the security to connect my remote adapter by LS client. Because if some others copy and use in their domain means it is working well what I have dome in my site.
For this I have tried to check the domain name in meta data adapter, If the domain name exist I will send the response. Now I need to use LS in my mobile app also, so what is the logic I need to use in metadata adapter to restrict using my LS response from others who are trying my code in their site
Giuseppe Corti
Hi rvkvino
Assuming that you do not want to adopt a traditional authentication mechanism with user and password, you could leverage some application tricks, such as determining a specific identification label for your application,
and pass this information in each lightstreamer session through the setUser or setHttpExtraHeaders. At the server-side you will check this information in your Metadata Adapter, and in the specific in the methods: notifyUser or notifyNewSession.
Alternatively, you can look in all the information that reaches your Metadata Adapeter (for example in the ClientContext of notifyNewSession) if any of them precisely identify your application and can be used in place of Host header.
Please let us know if you need any further clarifications.
Regards,
Giuseppe
rvkvino
Hi,
If I set in setUser or setHttpExtraHeaders means others also can check that code via browser developer tools.
Giuseppe Corti
Hi rvkvino,
Did you mean that the source code of Web and Mobile application will be exactly the same? Any chances for obfuscated code?
In any case, another possibility is to retrieve at run time the package name (appContext.getPackageName() - that is the unique id of your application) and use this.
Regards,
Giuseppe
