Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Get Qt Extensions
  • Unsolved
Collapse
Brand Logo
  1. Home
  2. Qt Development
  3. General and Desktop
  4. Client-server application
Forum Updated to NodeBB v4.3 + New Features

Client-server application

Scheduled Pinned Locked Moved General and Desktop
24 Posts 7 Posters 12.6k Views 1 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • Z Offline
    Z Offline
    za83
    wrote on last edited by
    #1

    I am going to develop client-server application. First of all i am interested how to realize sessions. Is identifying user by IP after authorization the best way? Or sending login with password in packets each time is better. Does QT have already done decisions?

    1 Reply Last reply
    0
    • H Offline
      H Offline
      hindsight
      wrote on last edited by
      #2

      The best way to identify the user is to use the RSA encryption.
      What exactly do you mean by 'sessions'?

      1 Reply Last reply
      0
      • M Offline
        M Offline
        MuldeR
        wrote on last edited by
        #3

        Using the IP address for authentication is nonsense! First of all, users with dial-up internet connection (like DSL) get a new IP address every time they connect (or after 24h). Thus IP address 123 might be assigned to "Alice" now, but two hours later that very same address might be assigned to "Bob". Also there may be a large number of computers (e.g. a complete company or a complete university!) connected to the Internet trough a NAT router. So it's easily possible that you have hundreds of users with the very same (public) IP address...

        You will need to authenticate the session with login + password, but don't even dare to send the password un-encrypted. Send them via encrypted connection - or use a challenge-response method. Also never (never ever!) store passwords on the server as plain text. Store (salted!) hashes of passwords.

        My OpenSource software at: http://muldersoft.com/

        Qt v4.8.6 MSVC 2013, static/shared: http://goo.gl/BXqhrS

        Go visit the coop: http://youtu.be/Jay...

        1 Reply Last reply
        0
        • Z Offline
          Z Offline
          za83
          wrote on last edited by
          #4

          Thanks. I have seen there is QSessionManager class. Is it suitable class for this task?

          1 Reply Last reply
          0
          • Q Offline
            Q Offline
            qxoz
            wrote on last edited by
            #5

            The documentation says
            The session manager is used to save the session, e.g., when the machine is shut down, and to restore a session, e.g., when the machine is started up. We recommend that you use QSettings to save an application's settings, for example, window positions, recently used files, etc. When the application is restarted by the session manager, you can restore the settings.

            For network app i'd recommended use array of password+login and session parameters. In case accessing is done without passwords you can generate some unique data for identify user and send back to him. All subsequent requests will be done with this identifier, in case a long idle identifier on server side will be destroyed and user start new session.

            1 Reply Last reply
            0
            • A Offline
              A Offline
              andre
              wrote on last edited by
              #6

              What is your idea of what this session is supposed to represent?
              Normally, a session would just be the time a TCP connection stays open. Why do you think you need to send some kind of token back and forth the whole time?

              Anyway, if you want your sessions to survive disconnects, for instance if you're going to be using very unrelyable networks, you might want to consider having the server send a token to the client after the log in that can be used as the session key. Obviously, such tokens should not be exchanged in the plain. Use an SSL connection instead, otherwise you're going to be vunerable to man-in-the-middle attacks.

              1 Reply Last reply
              0
              • Z Offline
                Z Offline
                za83
                wrote on last edited by
                #7

                Do I have to use QSslSocket?
                I'd like to look at simple client and server example.

                1 Reply Last reply
                0
                • Q Offline
                  Q Offline
                  qxoz
                  wrote on last edited by
                  #8

                  I am never used QSslSocket here are some examples:
                  "http://www.developer.nokia.com/Community/Wiki/Sample_QSslSocket_Example":http://www.developer.nokia.com/Community/Wiki/Sample_QSslSocket_Example
                  "http://qt-project.org/forums/viewthread/21401":http://qt-project.org/forums/viewthread/21401
                  "http://doc.qt.digia.com/4.7/network-securesocketclient.html":http://doc.qt.digia.com/4.7/network-securesocketclient.html

                  1 Reply Last reply
                  0
                  • A Offline
                    A Offline
                    andre
                    wrote on last edited by
                    #9

                    Using an SSL socket is not that much more complicated than using a plain TCP socket. If you are going to allow authentication based on a token, you should IMHO not exchange this token in plain text over an open connection. Not unless you really want your application to get hacked...

                    1 Reply Last reply
                    0
                    • Z Offline
                      Z Offline
                      za83
                      wrote on last edited by
                      #10

                      Are there any complete simple examples for server?

                      1 Reply Last reply
                      0
                      • Q Offline
                        Q Offline
                        qxoz
                        wrote on last edited by
                        #11

                        In links above you can find what you need. Read docs and do little bit effort.

                        1 Reply Last reply
                        0
                        • Z Offline
                          Z Offline
                          za83
                          wrote on last edited by
                          #12

                          I did enough efforts but I have never worked with SSL. Example would help me.
                          http://qt-project.org/forums/viewthread/21401 this is server example. But I don't know how can I make it working.

                          This attempt does not work.
                          [CODE]
                          #include <QApplication>
                          #include <QtNetwork/QSslSocket>
                          #include <QDebug>

                          class Server : public QObject
                          {
                          public:
                          void f()
                          {
                          m_socket = new QSslSocket(this);
                          m_socket->setSocketDescriptor(handle);
                          m_socket->setProtocol(QSsl::SslV3);

                              QByteArray key;
                              QByteArray cert;
                          
                              QFile file_key("../ssl/server.key");
                              if(file_key.open(QIODevice::ReadOnly))
                              {
                                  key = file_key.readAll();
                                  file_key.close();
                              }
                              else
                              {
                                  qDebug() << file_key.errorString();
                              }
                          
                              QFile file_cert("../ssl/server.crt");
                              if(file_cert.open(QIODevice::ReadOnly))
                              {
                                  cert = file_cert.readAll();
                                  file_cert.close();
                              }
                              else
                              {
                                  qDebug() << file_cert.errorString();
                              }
                          
                              //qDebug() << key + "\n" + cert;
                          
                          
                              QSslKey ssl_key(key, QSsl::Rsa);
                          
                              QSslCertificate ssl_cert(cert);
                          
                              m_socket->setPrivateKey(ssl_key);
                              m_socket->setLocalCertificate(ssl_cert);
                              m_socket->startServerEncryption();
                          }
                          

                          private:
                          QSslSocket m_socket;
                          };

                          int main( int argc, char **argv )
                          {
                          Server server;
                          server.f();
                          }
                          [/CODE]

                          1 Reply Last reply
                          0
                          • A Offline
                            A Offline
                            andre
                            wrote on last edited by
                            #13

                            Of course not! You are not even creating an application object, you are not starting an event loop, etc. Did you actually look at the examples that were referenced?

                            1 Reply Last reply
                            0
                            • Z Offline
                              Z Offline
                              za83
                              wrote on last edited by
                              #14

                              I worked with QT long ago. But I thought this code must be though compiling. Isn't it?

                              1 Reply Last reply
                              0
                              • SGaistS Offline
                                SGaistS Offline
                                SGaist
                                Lifetime Qt Champion
                                wrote on last edited by
                                #15

                                In addition to what Andre said: Are sure that "../ssl/server.crt" is the right path ?

                                Interested in AI ? www.idiap.ch
                                Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

                                1 Reply Last reply
                                0
                                • Z Offline
                                  Z Offline
                                  za83
                                  wrote on last edited by
                                  #16

                                  I created an application object but code is still not compiling as I expected.
                                  main.cpp:10: error: no match for 'operator=' in '((Server*)this)->Server::m_socket = (operator new(8u), (<statement>, ((QSslSocket*)<anonymous>)))'
                                  [code]
                                  #include <QApplication>
                                  #include <QtNetwork/QSslSocket>
                                  #include <QDebug>

                                  class Server : public QObject
                                  {
                                  public:
                                  void f()
                                  {
                                  m_socket = new QSslSocket(this);
                                  m_socket->setSocketDescriptor(handle);
                                  m_socket->setProtocol(QSsl::SslV3);

                                      QByteArray key;
                                      QByteArray cert;
                                  
                                      QFile file_key("../ssl/server.key");
                                      if(file_key.open(QIODevice::ReadOnly))
                                      {
                                          key = file_key.readAll();
                                          file_key.close();
                                      }
                                      else
                                      {
                                          qDebug() << file_key.errorString();
                                      }
                                  
                                      QFile file_cert("../ssl/server.crt");
                                      if(file_cert.open(QIODevice::ReadOnly))
                                      {
                                          cert = file_cert.readAll();
                                          file_cert.close();
                                      }
                                      else
                                      {
                                          qDebug() << file_cert.errorString();
                                      }
                                  
                                      //qDebug() << key + "\n" + cert;
                                  
                                  
                                      QSslKey ssl_key(key, QSsl::Rsa);
                                  
                                      QSslCertificate ssl_cert(cert);
                                  
                                      m_socket->setPrivateKey(ssl_key);
                                      m_socket->setLocalCertificate(ssl_cert);
                                      m_socket->startServerEncryption();
                                  }
                                  

                                  private:
                                  QSslSocket m_socket;
                                  };

                                  int main( int argc, char **argv )
                                  {
                                  QApplication app(argc, argv);

                                  if (!QSslSocket::supportsSsl()) {
                                  QMessageBox::information(0, "Secure Socket Server",
                                               "This system does not support OpenSSL.");
                                      return -1;
                                  }
                                  
                                  Server server;
                                  server.f();
                                  
                                  return app.exec(&#41;;
                                  

                                  }
                                  [/code]

                                  1 Reply Last reply
                                  0
                                  • SGaistS Offline
                                    SGaistS Offline
                                    SGaist
                                    Lifetime Qt Champion
                                    wrote on last edited by
                                    #17

                                    Have a look at the declaration of m_socket

                                    Interested in AI ? www.idiap.ch
                                    Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

                                    1 Reply Last reply
                                    0
                                    • Z Offline
                                      Z Offline
                                      za83
                                      wrote on last edited by
                                      #18

                                      Thanks.
                                      error: variable 'QSslKey ssl_key' has initializer but incomplete type (Solved #include <QtNetwork/QSslKey>)

                                      1 Reply Last reply
                                      0
                                      • Z Offline
                                        Z Offline
                                        za83
                                        wrote on last edited by
                                        #19

                                        How to include libs?
                                        I wrote
                                        [code]
                                        LIBS += -L/C:/OpenSSL-Win32/lib ssleay32.lib libeay32.lib
                                        [/code]
                                        error: ssleay32.lib: No such file or directory

                                        1 Reply Last reply
                                        0
                                        • SGaistS Offline
                                          SGaistS Offline
                                          SGaist
                                          Lifetime Qt Champion
                                          wrote on last edited by
                                          #20

                                          That's not all for m_socket.

                                          Please, search the documentation a bit "Other libraries":http://qt-project.org/doc/qt-4.8/qmake-project-files.html#declaring-other-libraries

                                          Interested in AI ? www.idiap.ch
                                          Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

                                          1 Reply Last reply
                                          0

                                          • Login

                                          • Login or register to search.
                                          • First post
                                            Last post
                                          0
                                          • Categories
                                          • Recent
                                          • Tags
                                          • Popular
                                          • Users
                                          • Groups
                                          • Search
                                          • Get Qt Extensions
                                          • Unsolved