If you are a registered provider this is not an issue because you are on an
internal (to the DoCoMo walled garden) DNS system. Any access to your site
by its internal host name will have to have passed DoCoMo's gateway.
If you are a public (katte) site the problem remains.
> -----Original Message-----
> From: keitai-l-bounce@appelsiini.net
> [mailto:keitai-l-bounce@appelsiini.net]On Behalf Of Andrew Zaikin
> Sent: Friday, April 13, 2001 6:15 PM
> To: keitai-l@appelsiini.net
> Subject: (keitai-l) How to identify that request is sent by
> Docomo gateway?
>
>
> Can someone comment on the following issue, please:
>
> Suppose I'm a content provider for iMode. I have some services (personal
> info, customization, etc.) that rely on the handset ID passed by DoCoMo
> gateway . The problem is that there's a chance that someone (impostor)
> emulates the HTTP-request pretending to be DoCoMo gateway (passing
> someone's handset ID) and gets access to this personal data. Is there a
> way to prevent this? How can I determine that the incoming request
> really is from DoCoMo gateway? If that's impossible, it means that
> handset ID cannot be used for anything else than simple session
> tracking. Is that correct?
>
> Thanks.
>
> [ Did you check the archives? http://www.appelsiini.net/keitai-l/ ]
>
[ Did you check the archives? http://www.appelsiini.net/keitai-l/ ]
Received on Mon Apr 16 04:58:02 2001