-3

Let's say I am making a web app (e.g. MEAN stack) for an exhibition. I want to ensure my server only takes requests from users who are really in the venue. How can I do it? What are the common attacks?

Carson Yau

2 Answers

1

The short and generic answer is you cannot really do this, but read on.

The question you need to answer is against what do you want to protect your app, what is the threat that you are trying to mitigate.

You can build any protection in your mobile app (like for example the one in the other answer), but keep in mind that the client is fully controlled by the user. For example the user may fake location coordinates for the app (see Pokemon Go), it is very easy to do either in an emulator or an actual device. Or even easier, the user can just make requests from an arbitrary source, not your application. A server request would have to contain the location of the user - but the user can send whatever he wants. So in short, anything on the client is fully controlled by the user.

So this leads to server-side protection as the only way for an actually secure solution (one that is reasonably hard to circumvent). The only way your server knows where the client physically is, is if the client tells the server - but we have seen above that this is unreliable.

However, there is one thing a client can't reasonably fake (at least not easily), and that is the client IP address. So pretty much the only thing you can do to prevent users not being present at a venue from using your service is to lock it down on the network level, for example your API server should only be accessible from the IP range that the wifi at the venue provides (presumably a local address range, or if your API is in the cloud then the public IP address or range of the venue).

Gabor Lengyel
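
Added example, not part of the answer above: one way to enforce the venue IP range on the server side of a Node/Express (MEAN) API. The CIDR ranges, the proxy address and all function names are assumptions made up for illustration.

```javascript
// Constructed placeholders (RFC 5737 documentation ranges), not real venue addresses.
const VENUE_CIDRS = ['203.0.113.0/24', '198.51.100.16/28'];
const TRUSTED_PROXIES = ['10.0.0.5']; // hypothetical reverse proxy in front of the API

// Dotted-quad IPv4 (or IPv4-mapped IPv6 "::ffff:a.b.c.d") to an integer, else null.
function ipv4ToInt(ip) {
  const m = /^(?:::ffff:)?(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/i.exec(String(ip).trim());
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  if (octets.some((o) => o > 255)) return null;
  return octets.reduce((acc, o) => acc * 256 + o, 0);
}

function inCidr(ip, cidr) {
  const [base, bitsStr] = cidr.split('/');
  const bits = Number(bitsStr);
  const ipInt = ipv4ToInt(ip);
  const baseInt = ipv4ToInt(base);
  if (ipInt === null || baseInt === null) return false; // unparsable (incl. plain IPv6): fail closed
  if (!/^\d{1,2}$/.test(bitsStr || '') || bits > 32) return false;
  const size = 2 ** (32 - bits); // addresses per block; avoids 32-bit shift pitfalls
  return Math.floor(ipInt / size) === Math.floor(baseInt / size);
}

// Address to evaluate: the TCP peer. X-Forwarded-For is client-supplied, so it is
// read only when the peer is a trusted proxy, and then only the right-most entry
// (assumption: the proxy appends the address it saw to the header).
function clientAddress(peerIp, xForwardedFor) {
  const peer = ipv4ToInt(peerIp);
  const viaProxy = peer !== null && TRUSTED_PROXIES.some((p) => ipv4ToInt(p) === peer);
  if (!viaProxy) return peerIp;
  const hops = String(xForwardedFor || '').split(',').map((h) => h.trim()).filter(Boolean);
  return hops.length ? hops[hops.length - 1] : null;
}

function isFromVenue(peerIp, xForwardedFor) {
  const addr = clientAddress(peerIp, xForwardedFor);
  return addr !== null && VENUE_CIDRS.some((c) => inCidr(addr, c));
}

// Express-style middleware: reject before any route handler runs.
function venueOnly(req, res, next) {
  if (isFromVenue(req.socket.remoteAddress, req.headers['x-forwarded-for'])) return next();
  res.statusCode = 403;
  res.end('Forbidden');
}
```

The same ranges can also be enforced in a firewall or security group in front of the server, so that requests from elsewhere never reach the application.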
0

Save your venue location in your app or on your server side. Then try to keep track of users by getting their location around 100 ms or a radius which you choose.

Add CoreLocation.framework to Build Phases -> Link Binary With Libraries (no longer necessary as of Xcode 7.2.1)

Import CoreLocation to your class - probably ViewController.swift

Add CLLocationManagerDelegate to your class declaration

Add NSLocationWhenInUseUsageDescription and NSLocationAlwaysUsageDescription to plist

Init location manager:

    import CoreLocation

    // Create the manager and start receiving location updates
    locationManager = CLLocationManager()
    locationManager.delegate = self
    locationManager.desiredAccuracy = kCLLocationAccuracyBest
    locationManager.requestAlwaysAuthorization()
    locationManager.startUpdatingLocation()

Get user location by:

    // CLLocationManagerDelegate callback (Swift 3+ signature)
    func locationManager(_ manager: CLLocationManager, didUpdateLocations locations: [CLLocation]) {
        // The most recent fix is the last element; return if none is available
        guard let locValue = locations.last?.coordinate else { return }
        print("locations = \(locValue.latitude) \(locValue.longitude)")
    }

Do have a look into this: Tracking Location

Jeesson_7