I'm developing a windows application in C# and I also developed a asp.net website and hosted in a server. My motive is to not show my server source or domain address to the user.
Hence I designed a custom browser in c#(win app) then I just navigated user to my asp.net site. I haven't kept address bar and I disabled right click option in that browser. So the user just can view the page, cant find the server info.
But the issue that I'm facing now is, when the user tries to download anything from the site, Internet Explorer's download window opens up and asks where to save. But there in the screen it shows my server ip or domain address to the user. so how can I hide that from the user, or can you please say me a solution to my problem. ie ( I dont wanna show my server info to my users but I want them to download or save from my site)
preguntado el 01 de febrero de 12 a las 04:02
This is impossible. The user can always find the remote IP address using
netstat or their router's network logging information.
If you absolutely must continue down this path then you can do something similar by requiring your users to configure the Puerta services and publish your server as a Tor hidden service. The Tor hidden services are only accessible by users on Tor and they cannot determine the "source" IP address because it has been bounced through several anonymizing routers on the public Internet.
Depending upon your user base this might either be impossible, unlikely, or the most logical step.
I initially had the same response as everyone else, but upon reconsidering I decided that there's a little more nuance in this question than I originally thought, as well as some opportunities for learning.
Who is your "adversary" in this scenario, and what is the cost of them finding out your server? How much control do you have over the rest of the computer? The network?
If your target platform is a kiosk in a shopping mall that doesn't run any other software and is pretty well locked down at the OS level, on a network that you (or at least an indifferent third party) has control over, then you might have a chance at making your plan work.
Your plan will fail if the attacker has both any control over the computer or network and a sufficient motivation to find out your secret.
Your proposed plan is a bad idea if the consequences of your server location being disclosed are high. Will someone lose money? Will someone go to jail? Will someone who should go to jail, not go to jail?
If your adversary controls a computer (including network routers), then there is no way to put a secret on that computer in such a way that your software knows it but theirs doesn't. If your software knows the address of the server, a sufficiently motivated adversary can too.
Some people mentioned Tor as an option. This is a good option as it moves the secret off of the client computer and it's network to the indifferent, third-party, network of Tor nodes. However, Tor can be considered a security protocol, and the use of security protocols is always the beginning of your security odyssey, not the end of it. You probably can make it work if you introduce Tor into the system. It will take a lot of your resources to do so.
Evaluate your goals. How secret do you want to keep this secret?
Evaluate your adversary. What are their capabilities? What do they control? How motivated are they to get your secret?
Tailor your design accordingly.