¿Cómo ocultar mi nombre de dominio o ip al usuario que descarga desde mi sitio (ASP.NET)? [cerrado]

I'm developing a windows application in C# and I also developed a asp.net website and hosted in a server. My motive is to not show my server source or domain address to the user.

Hence I designed a custom browser in c#(win app) then I just navigated user to my asp.net site. I haven't kept address bar and I disabled right click option in that browser. So the user just can view the page, cant find the server info.

But the issue that I'm facing now is, when the user tries to download anything from the site, Internet Explorer's download window opens up and asks where to save. But there in the screen it shows my server ip or domain address to the user. so how can I hide that from the user, or can you please say me a solution to my problem. ie ( I dont wanna show my server info to my users but I want them to download or save from my site)

preguntado el 01 de febrero de 12 a las 04:02

This is really silly; anyone who wants to find out where your server is could (for example) use a proxy to capture the requests and examine them. -

I am pretty sure you can't do this for security reasons. I would nunca accept a file download from a site without knowing where it's coming from. A simple XSS attack on your site will easily turn things ugly. -

If you want your site to remain anonymous then use a protocol that is designed for it. Some variants of the BitTorrent protocol come to mind. -

I would advise anyone to uninstall your software if I knew it was trying to conceal where it downloads its resources from. -

@RenInfoTech - The answers you're getting to your question indicate that this is just a bad idea. Could we help you figure out a way around the technical challenges? Most likely. debería we? probably not. -

2 Respuestas

This is impossible. The user can always find the remote IP address using netstat or their router's network logging information.

If you absolutely must continue down this path then you can do something similar by requiring your users to configure the Puerta services and publish your server as a Tor hidden service. The Tor hidden services are only accessible by users on Tor and they cannot determine the "source" IP address because it has been bounced through several anonymizing routers on the public Internet.

Depending upon your user base this might either be impossible, unlikely, or the most logical step.

Respondido 01 Feb 12, 08:02

I initially had the same response as everyone else, but upon reconsidering I decided that there's a little more nuance in this question than I originally thought, as well as some opportunities for learning.

Who is your "adversary" in this scenario, and what is the cost of them finding out your server? How much control do you have over the rest of the computer? The network?

If your target platform is a kiosk in a shopping mall that doesn't run any other software and is pretty well locked down at the OS level, on a network that you (or at least an indifferent third party) has control over, then you might have a chance at making your plan work.

Your plan will fail if the attacker has both any control over the computer or network and a sufficient motivation to find out your secret.

Your proposed plan is a bad idea if the consequences of your server location being disclosed are high. Will someone lose money? Will someone go to jail? Will someone who should go to jail, not go to jail?

If your adversary controls a computer (including network routers), then there is no way to put a secret on that computer in such a way that your software knows it but theirs doesn't. If your software knows the address of the server, a sufficiently motivated adversary can too.

Some people mentioned Tor as an option. This is a good option as it moves the secret off of the client computer and it's network to the indifferent, third-party, network of Tor nodes. However, Tor can be considered a security protocol, and the use of security protocols is always the beginning of your security odyssey, not the end of it. You probably can make it work if you introduce Tor into the system. It will take a lot of your resources to do so.

Evaluate your goals. How secret do you want to keep this secret?

Evaluate your adversary. What are their capabilities? What do they control? How motivated are they to get your secret?

Tailor your design accordingly.

Respondido 01 Feb 12, 09:02

Definitely agree with the Shopping Mall Kiosk description. Depending on what the platform is, and how much control you have over the hardware, you might well be able to make your site seemingly invisible to the UI. Just understand that it can never be truly invisible in a do-or-die security sense. - abelenky

Wish I had another +1 to give for the use of security protocols is always the beginning of your security odyssey, not the end of it. Ain't that the truth.... - sarnold

No es la respuesta que estás buscando? Examinar otras preguntas etiquetadas or haz tu propia pregunta.