Delphi XE2 - 如何获取指定网站的IP?
[英]Delphi XE2 - How to get IP of a specified website?
问题描述
I have a program in which checks a php file on a web server to see if the user is verified. 
我有一个程序,在其中检查Web服务器上的php文件,以查看用户是否已经过验证。 The php files runs through the DB and checks and echos "verified" if they are. php文件在数据库中运行,检查和回声“验证”是否存在。
Now, people are now easily bypassing the verification system by installing Xampp, routing my server to 127.0.0.1 in their hosts file, and then setting a script that echos verified. 现在,人们现在可以通过安装Xampp,将我的服务器路由到其主机文件中的127.0.0.1,然后设置回声验证的脚本,轻松绕过验证系统。
I want to be able to check the IP address of my domain to check if it is routing to 127.0.0.1. 我希望能够检查我的域的IP地址,以检查它是否路由到127.0.0.1。
How would I go about resolving the IP address of a domain through delphi? 我如何通过delphi解析域的IP地址?
1 个解决方案
解决方案1
14 已采纳 2012-11-14 01:39:52
I used to use a similar hack to get around ICQ server-side verifications. 我曾经使用类似的黑客来解决ICQ服务器端验证问题。 Very convenient when I wanted to test alpha/beta builds that I was not invited to :-) 当我想测试我未被邀请的alpha / beta版本时非常方便:-)
Indy, which ships with Delphi, has a TIdStack.ResolveHost() function, and a separate TIdDNSResolver component, which can both be used to get the domain's IP(s). 与Delphi一起提供的Indy具有TIdStack.ResolveHost()函数和单独的TIdDNSResolver组件,它们都可用于获取域的IP。 It also has a TIdStack.LocalAddresses property to retreive the local IPv4 addresses. 它还具有TIdStack.LocalAddresses属性,可以检索本地IPv4地址。 Or you can just use the socket API gethostbyname() or getaddrinfo() functions directly, along with platform-specific APIs to enumerate the local IPs, like the GetAdaptersAddresses() function on Windows. 或者,您可以直接使用套接字API gethostbyname()或getaddrinfo()函数,以及特定于平台的API来枚举本地IP,例如Windows上的GetAdaptersAddresses()函数。
However, rather than having the PHP script simply echo plain-text back to your app, a much more secure option that does not require you to verify IPs is to have your app create a dynamically generated nonce value and send it to the PHP script, then have the script process it, hash it, whatever as needed using an algorithm that only you know, and then send it back to the app. 但是,不要让PHP脚本简单地将纯文本回送到您的应用程序,更安全的选项不要求您验证IP是让您的应用程序创建动态生成的nonce值并将其发送到PHP脚本,然后让脚本处理它,使用只有你知道的算法对其进行哈希处理,然后将其发送回应用程序。 The app can perform the same algorithm and compare the results. 该应用程序可以执行相同的算法并比较结果。 Unless someone takes the time to reverse engineer your app, they will not be able to reproduce your algorithm or fake its results with their custom Xampp scripts. 除非有人花时间对您的应用进行逆向工程,否则他们将无法使用自定义Xampp脚本重现您的算法或伪造其结果。
Even better, use SSL/TLS to encrypt your connection to your domain server, and give your domain server an SSL certificate that your app can verify before it exchanges any data with your PHP script. 更好的是,使用SSL / TLS加密与域服务器的连接,并为您的域服务器提供一个SSL证书,您的应用可以在用PHP脚本交换任何数据之前验证该证书。 If you do just this much, you can continue using the plain-text echo since SSL/TLS will verify you are connected to your domain for you. 如果您这么做,您可以继续使用纯文本回显,因为SSL / TLS将验证您是否已连接到您的域。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.