Hi everybody at the Linux Forum. I have recently completed some web applications that a client wants to sell from their website. They have a Linux server running CentOS 6 in which I want to deploy the web apps to (5 phone apps and 1 iPad app) the server from which the customer can perform an Over The Air install to their device after payment. The way I would like to carry out the procedure is something like this:
1. On the device get the user to enter some unique ID, just like you do when signing up on a web site.
2. Do a POST to your server that checks against IDs already assigned. We call a server web service that queries the DB; if a match is found, send back to the chooser to try a new ID.
3. If ID is not found, generate a unique code (A GUID in windows), create a record in a user table with the ID and code.
4. Send the code back to the device and store the user id and code in the application.
5. when the user connects they supply the id and code; the server queries the user table and allows the connection if valid.
This protects against pretty much everything except a user giving their id and code to another user. To protect against that you have generate a unique ID on the device and use that with the user and unlock code (so you have three components: device id, userid, and user code). That application-generated code could be encrypted if you really want secure access.
My question is :
(a)Is there something that could be set up similar for a Linux Server
(b) What would this entail and how
(c) I am a complete novice in this area so I would be prepared to pay a fee for good information and code to get this going.