在c ++中通过Internet编写客户端服务器更新模块 [英] Write an client server update module via Internet in c++
问题描述
我们正在Microsoft Visual Studio 2012中为Windows 7 64位环境开发一个c ++语言的应用程序。我们想为我们的应用程序添加更新模块(软件和数据库版本更新,如通过互联网的防病毒软件)。
其实我们正在开发一个防病毒软件,我们想在我们的应用程序中添加Update模块。因此,我们应该使用在互联网上工作的安全可靠的方法,并且与其他第三方工具(如代理或防火墙和/或LAN / WAN / MAN网络)以及其他安全约束没有任何问题。还有一点是我们的应用程序是一个流行的软件,它只适用于Windows 7 64位。
我们的服务器是Linux Ubuntu。用户应用程序应该向服务器发送请求以下载新版本的软件或新签名和服务器,在检查信任用户和最新版本的软件和签名数据库之后,为用户应用程序发送更新。所以我们研究了开发这个模块的方法,发现我们可以使用Server / Client或Web Service方法。还有一些问题:
1_除了服务器/客户端和Web服务之外还有其他方法吗?
2_之间有何不同这些方法?
3_哪一个对我们更好?
4_是否有任何有用的工具包或框架可以通过这些方法快速安全地开发我们的更新模块?
5_是否可以发送和接收文件作为网络服务或不?
谢谢
我所拥有的几乎所有严肃的软件(包括我使用过的免费杀毒软件)都使用http来下载更新(我知道这是因为家用机器上的防火墙警告/设置)。从网络角度来看,更新仅仅意味着下载数据。为此,我将设置一个简单的HTTP服务器,在指定的位置,如果更新包含更多文件,我总是替换最新更新的链接或最新的更新描述配置文件/目录。在客户端我会使用libcurl作为http客户端。忘记网络服务,为什么你想要在下载数据时想要复杂化你的生活?正如我所说的服务器所有你需要的是纯粹的标准http服务器和作为http客户端你可以使用预先写好的。
确保您的防病毒软件没有下载并使用其他网站的数据(例如,由于劫持客户端连接),您可以执行以下两种方法:
1.下载纯粹的简单http数据,并确保所有下载的数据都经过数字签名。客户端(防病毒程序)包含一个烧毁的修复公钥,在家里(在你的办公室)你使用私钥进行签名。
2.使用https。设置https服务器,使其使用您从受信任来源(如VerySign)创建或获取的一个特定证书。它足以为此目的使用自制的自签名证书,原因如下:在客户端下载时告诉客户端某种方式允许它只接受一个特定的证书(你可以用libcurl和特定的证书来做回调,您可以在其中设置接受的证书列表/存储)。因为在客户端上你只允许ssl连接只有一个已知你不必购买/获得签名证书的特定服务器,所以可以起诉自签名。这样,没有人会说嘿,连接到这里并从这里下载数据而不是原始服务器!。
我自己更喜欢方法#1,因为它通过不使用ssl来减轻服务器上的压力。
1。他们是一样的。在webservice中你只能坚持使用xml。
2.协议CS -free /但webservice xml。
3. CS - >自己的协议(提示:json)
4.在C#中提供的是webservices:-O
避免clickonce技术我不能正确签名
We are developing an application in c++ language in Microsoft visual studio 2012 for windows 7 64bit environment. We want to add an update module for our application (software and database version update like an antivirus via internet).
Actually We are Developing an antivirus and We want to add Update module into our application. So We should use an secure and reliable method that worked on the internet and does not have any problem with others third party tools like proxy or firewall and/or LAN/WAN/MAN networks and the other security constraints. And other things is that our application is a popular software and it is just for windows 7 64bit.
Our server is Linux Ubuntu. The user application should send a request to server for downloading new version of software or new signatures and Server ,after checking trust user and last version of software and signature database, sends updates for the user application. So We researched on methods for developing this module and found out that We can use either Server/Client or Web Service method. still there are some Questions:
1_Is there any other method than Server/Client and Web Service?
2_What is different between these methods?
3_Which one is better for Us?
4_Is there any useful toolkit or framework for rapid and secure development of our update module by these methods?
5_Does it possible send and receive files as a web service or no?
Thanks
Almost every serious software I have (including the free antivirus software I have used) used http to download updates (I know this because of the firewall warnings/setup on my home machine). From a networking perspective updating means nothing more, just downloading data. For that purpose I would set up a simple HTTP server on which at a specified location I always replace a link to the latest updates or to the latest update description config file/directory if the update consists of more files. On the client I would use libcurl as a http client. Forget about webservices, why do you want to complicate your life when all you want is downloading data? As I said for server all you need is a pure standard http server and as a http client you can use a prewritten one.
To make sure that your antivirus software doesn't download and use the data from other sites (for example as a result of hijacking the client connection) you can do the following two methods:
1. Download the data with pure simple http and make sure that all the downloaded data is digitally signed. The client (the antivirus program) contains a burnt-in fix public key and at home (in your office) you are using the private key to do the signing.
2. Use https. Setup the https server so that it uses one specific certificate you create or acquire from a trusted source (like VerySign). Its enough to use a home-made self signed cert for this purpose for the following reason: In the client when you download tell the client somehow that it is allowed to accept only that one specific certificate (you can do that with libcurl with a specific callback in which you can set the accepted cert list/store). Since on the client you allow ssl connection only with one specific server that is known you dont have to buy/acquire a signed cert, its okay to sue a self-signed. This way noone will be able to lie that "Hey, connect here and downloaded data from here instead of the original server!".
I myself prefer method #1 because it puts less stress on the servers by not using ssl.
1. they are the same. In webservice you only stick to xml.
2. the protocol CS -free / but webservice xml.
3. CS -> own protocol (tip:json)
4. in C# are webservices available :-O
Avoid clickonce technology i you cant sign properly
这篇关于在c ++中通过Internet编写客户端服务器更新模块的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
