Handshaking

[Phreak]

Ok... as I've mentioned before in some other threads, a friend of mine and I are trying to create a messaging program completely from scratch. Now, with the suggestions of others, we've decided on using the client/server method as opposed to peer-to-peer. Now, for my question.

 

We don't just want "anyone" connecting to this port on our server, so we want to develop some type of "handshake". How would one go about setting up a connection so that in order to connect to the server, the client must provide a "connect string" to authenticate the client or the connection is dropped by the server. Such as:

 

If someone doesn't provide the required information within a certain time period when connected to that port, the server drops the connection.

 

Thanks.

[divil]

The way Messenger does it is to establish a random "password" for each chatroom created, even those with just two people. When the notification is sent to a client that a chatroom has been established and a message is about to be sent, the password is sent along with it. The client can then connect to the chat server and give their password.

[Phreak]

I was thinking more along the lines of a hacker connecting to that port on the server. Or is that what you mean?

[divil]

That's what I mean - the hacker would not be able to get in to the chatroom because they wouldn't have been given the access code by the main server.

[Phreak]

So you mean if a user doesn't have that password, the server will disconnect them. Because what I don't want, is someone just connecting to the server using TCP and gaining access to the server itself. That's what I'm trying to prevent. Because people are going to be connected to the server when they're not chatting with anyone, but they should only be connected through our program. I want to prevent anyone from connecting that is not using our program.