I assume you are talking about the UTN ID in 503+ series phones not the user
ID sent to i-menu content providers.
You can get the UTN of any phone by looking for the serial number under the
battery cover so it would be possible for an impostor to send a user agent
string that could deceive the server.
While the DoCoMo gateway IP address will often change during a single i-mode
session, the reverse DNS of legitimate DoCoMo gateways all end with
"docomo.ne.jp" so detecting this condition will keep anything but real
i-mode handsets out. Doing reverse DNS lookups will add considerably to your
application transaction time though.
Kyle
X-9 DESIGN LAB
http://www.X-9.com
-----Original Message-----
From: keitai-l-bounce@appelsiini.net
[mailto:keitai-l-bounce@appelsiini.net]On Behalf Of Andrew Zaikin
Sent: Friday, April 13, 2001 6:15 PM
To: keitai-l@appelsiini.net
Subject: (keitai-l) How to identify that request is sent by Docomo gateway?
Can someone comment on the following issue, please:
Suppose I'm a content provider for iMode. I have some services (personal
info, customization, etc.) that rely on the handset ID passed by DoCoMo
gateway . The problem is that there's a chance that someone (impostor)
emulates the HTTP-request pretending to be DoCoMo gateway (passing
someone's handset ID) and gets access to this personal data. Is there a
way to prevent this? How can I determine that the incoming request
really is from DoCoMo gateway? If that's impossible, it means that
handset ID cannot be used for anything else than simple session
tracking. Is that correct?
Thanks.
[ Did you check the archives? http://www.appelsiini.net/keitai-l/ ]
Received on Sat Apr 14 04:55:37 2001