I need my app to be able communicate with a web server. The problem is I want web server to respond only to requests made from real android phones.
So, is there any way to make sure, that server works only with real phones? It should reject anything else to prevent spamming database from computers or emulators. Is it possible without sms verification?
And how good is socket support in Android? If I want to write server software in C will it be able to communicate with Android based devices? Or I have to use php, or something like that?
Maybe OpenSSL, but still I'm not sure.
Thanks in advance!
PS: sorry for my English
There is no real way for a web server to distinguish a real mobile device from a device that poses as one. Generally, the user-agent header is used to determine the type of client device, the value of which can be overwritten by any client.
Related
I want to send a value from my website to my arduino using httprequest.
as the image explain, i want to enter my site from a device (let's say mobile phone) and send a request to my arduino from my website (webserver)
so i'm having this problems:
1- how to address the arduino without dns, should i have a fixed ip address for my arduino, is there any way else ?
2- what is the PHP code that i need to let the website send the request ??
i know i can connect arduino to web using httpclient, but i want the reverse process, that is connect the website to arduino ( the website as client and a arduino as a server)
is there anyway to do that ?
thank you and sorry for my bad english
I've recently made a similar project with a Raspberry Pi. But this doesn't make a difference.
First be careful with my solution. Anybody can join on your device, if they have your IP and Port. It might be not the best solution, but it works pretty good.
So what I did is, I've set a DynDNS to my router, so that I doesn't have to change the IP in my script every time. You can get a DynDNS from your provider or you can use the free service No-IP. Next I set a static local IP adress to my arduino/pi via the settings on my router. Then I also set port-forwarding to the arduino/pi.
Then you should be able to access your arduino/pi via the internet. And if you have this, you can also control it via any website you want.
To accomplish an HTTP request in PHP, there will be a lot of possible solutions. But I prefer this:
$response = file_get_contents(YOUR_DYNDNSIP_AND_PORT)
https://www.w3schools.com/php/func_filesystem_file_get_contents.asp
You also can additionally can get a response via this function.
To protect your own network, you can use HTTP Basic Authentication, which you have to add a username and a password to the request. This make it difficulter to access your arduino.
I hope this might help you.
I am thinking about a scenario where I want to send a data packet from my php service (based on certain behaviour) to a client (can be Android or Windows) connected to it.
A device which is connected to the internet is going to have an ip address.
So is it possible to send a packet (using socket or else) to this ip directly (without polling from client end) and can this data be read from the client.
Scenario is like this :
Client A --------------Registers Own IP Address-----------------> Server
Client B --------------Registers Own IP Address-----------------> Server
Events :
Some changes occur in the database (say)
Server detects the affected client (via some algo),say Client A
Sends a packet to Client A
Client A <--------------Send Data Packet----------------- Server
Is this at-all possible ?
If yes, how effective can this be ?
Please note that, Push notifications is not applicable in my situation.
I am looking for a live (realtime) data transmission system between client and server (both ways).
Any suggestion, help will be useful. Thanx
Absolutely possible to have persistent sockets open.
but I would say this would fail in a hosted environment. GoDaddy etc shuts that down. Been there done that.
I would highly recommend choosing a programming language like java (Whatever you are comfortable with). It is only going to be 200 lines of code.
I want to send a file from my browser to a server which is not the server on which the site is hosted.The problem is the another server is not a web server.
Is it programmatically possible to send a file to different server without the involvement of host server? I do not want copy of the file I am uploading on my hosting server.
Sorry for not being clear on the first go. I hope this makes sense.
Note: I have the IP address of server. Implementation has to be done in a secure way.
Create a signed application to handle the upload.
One of the fundamental rules of browser sandboxing is that you don't let the browser communicate to a server other than the one which provided the website. This has been a rule for quite some time, and is done for security reasons.
The only way I know of to bypass this restriction is to use a signed application. This is possible in several languages including at least Flash and Java. Once you've signed your application with an authoritative source, then you can specify that your application is known to communicate with a third-party server and should be trusted to do so. The process of doing this will be different depending on the technology you choose.
The server to which you are sending the file needs to allow some sort of protocol in order to accept the file. You do not specify what that is, but these languages should be more than sufficient to implement whatever you need.
given that you have the necessary authentication of the secondary server you can
i'll explain using ftp, but there can be other socket related ways
1) upload the file to your server as usual, using $_FILE
2) use the ftp class in php to transfer the file to the remote host
Thanks all for valuable suggestions. I am opting for bit weird way but it seems the only feasible solution considering the current requirements of the project.
I am planning to install lite version of web server and php on the external server which can accept uploaded files through browser.
Our team has worked out this is the best solution we can consider as of now.
Thanks again to all for their suggestions.
This is done all the time with Firefox plugins, (youtube etc.). Does it have to be driven from your page source ? How stealthily do you want to do this ?
The other server should use a common protocol, SSH or ftp or NFS or CIFS.
In any case the user is going to have to agree with the plugin or the applet or a third party service (think punkbuster) running in the background.
BF4 runs in a browser window via a plugin and routinely sends data to servers other than the game server.
I want to control a robot from the web, the robot is connected to Android device. The operation will be as the following :
a web application written using JavaScript and HTML runs on desktop computer which takes the keyboard input from the user and send them to the android device connected to the robot.
the android device receive the commands and then send them to Arduino board which used to control the robot.
But how should I deliver the data to the Android device which doesn't has a static IP address?
I have two approaches to solve that :
the JavaScript application sends the keyboard input to a web server runs PHP and MySQL , then the php application store the data on the MySQL database. An application runs on Android connected to that web server and extract the data from the MySQL database.
the JavaScript sends the data to the web server. The android application connected to the web server receives the data directly so the web server is just used as a relay.
The first approach is easy to do but its slow , so my question is...
How to implement the second approach and which web technologies should I use to implement it? And how to make the web server works as relay between two sides?
PS : I am planning to use 000webhost.com as web server. so I will not use my own server
You can either have your Android application poll the webserver for outstanding commands. This is a little inefficient in terms of data usage, but if you're on an unlimited 3G plan / wi-fi, you could live with it. It will be very easy to implement.
Alternatively, set up a TCP server on your server, and have your Android application open a socket connection with the server. This way, your web application can send commands to the server which will immediately stream them to the Android device. It will be slightly harder to implement, but will be more efficient and robust if done right.
PS - Most shared servers don't allow you to open a TCP server on your host so you might be forced to go with the first option.
PPS - I wasn't aware of Google Cloud Messaging. It seems to be a good solution for you what you're attempting to achieve. You should have a look into it.
I have recently written a socket server in PHP that will be handling communication between an Android phone application and my PHP webserver. Due to the fact that Android doesn't natively support push style notifications we are going to be using our webserver as the middleware layer to handle our 'pushes'.
The socket server is stable, runs well, and seems to scale nicely. While I would eventually like to re-write this in C I don't have the skill necessary to do that right now so I am going to be staying in PHP for at least a short while. As of this moment our Android emulator is able to communicate through the server, get pushes, etc. so that part is all covered.
My concern is that, right now, anyone can open a socket to my server and will be given a client connection. While we won't be passing sensitive data back and forth I don't want to allow just anyone to connect over and receive broadcast information, eat up my resources, and clog my server in general.
The question is, how do I secure a server like this? Let's assume that I am running on port 25,000--can I set up some sort of SSL layer on that port and expect devices like the Android to be able to communicate over that port without any special protocols or jumping through hoops?
I have considered asking the connecting clients to authenticate their user against our user database before being given a client connection, but that would require the passing of credentials in plain text over the network which I am NOT about to do.
Any suggestions on this would be very helpful--I am rather new to straight TCP communication from PHP and feel like I might just be missing something simple that allows for authentication on this level.
Additional information: If I am able to get a valid username and password securely I would be using MySQL to validate the user and then accept/reject their connection based on the results of the query.
Thanks in advance..
First, I hope you've implemented your PHP socket server in a fashion that allows more than one client to be connected at the same time. This is not as trivial as it should be given the absence of threads in PHP, but it's certainly.
Now, if you already have a socket server implemented, adding TLS support is easy. Just run stunnel and have your PHP socket server only accept requests on the local interface.
I don't think SSL is really going to solve your problem. At best with SSL you can provide each client with a client certificate and do client certificate validation on the server. But you'll need to manage tons of certificates then. Or give everyone the same client certificate (not a good idea).
You'll have to authenticate the client using his credentials. You are right that you don't want to send the credentials in plain text over the network, but there are simple alternatives. Take a look at e.g. HTTP Digest Authentication (http://en.wikipedia.org/wiki/Digest_access_authentication) or xAuth (http://dev.twitter.com/pages/xauth). You don't have to implement these techniques over HTTP; you can just as well send a challenge (a realm) over a simple tcp socket after you have accepted the connection. The client should then send a valid response within a short timeframe or the server aborts the connection.
By the way, did you consider HTTP streaming? See http://ajaxpatterns.org/HTTP_Streaming
It would probably make your life a lot easier as you can rely upon some other service (e.g. Apache) doing the hard work for you, and you can focus on the business value of your application.
you might want to consider:
Cloud to Device Messaging : http://code.google.com/android/c2dm/index.html
The only drawback is that it is only supported by android >=2.2
Not sure why you guys didn't use some off the shelf messaging library/server for java, then create an android service that connects to the message broker and handles all initial authentication.
The service would simply sit there and wait for any incoming messages.
(I'm pretty sure that listening for network data doesn't power up the radio, only when the data is actually there that the radio powers up. I suspect this is how C2DM works.)
This is better then polling because you're only waiting for data. You're not constantly sending packets requesting data. But you knew that already.
I did this, (I used the rabbitmq-java library and the rabbitmq message queue server) and had push style notification for my app in no-time. Even with Android 1.5 devices.
About security:
You could also implement your own security but without having to send plain-text passwords. Simply encrypt the passwords using something like MD5 before passing it through the network.
Then compare the encrypted password with the encrypted password you have on file.
This way, only encrypted passwords will go through the network.