Lai Yonghao (http://laiyonghao.com)
The following questions come from our actual needs and are added to the discussion in a popular QQ Group. We have not come up with a good answer. I would like to ask you some advice.
==================
There is a business server process a and B (each with multiple processes). A opens the port and B actively uses TCP to connect to, how does a determine that the connected client is a valid B process?
==================
The following is a supplement:
0. You can introduce the third process C to do something;
1. The processes A and B may run in different IDCs, so the Intranet IP address restriction method is not feasible;
2. Get a VPN and isolate the whole subnet. The cost is too high and unacceptable;
3. We have discussed digital signatures, asymmetric encryption, and so on, but there are pending issues. You are welcome to further discuss them. But if you just want to "take one step, we have already said this;
4. Minimize the number of people involved, and errors may inevitably occur in some places;
5. Use the default ticket, and then use SSL throughout the process, which affects performance and is not intended to be used.
==================
Later, I came up with another story to describe this requirement:
When the jade digging man got a piece of Baoyu, he felt that he should give it to the emperor, but he could not see the Emperor, so he came out and said, "As long as the emperor sends a delegate to the Minister, I asked him to bring Baoyu to the Emperor. "The next day, I came to a group of people who claimed to be the minister of the Qing Dynasty. At this time, how can I identify the real" Qing Dynasty Minister "?
The additional condition is that the jade miner does not know the sword of Shang Fang, nor the Emperor Yu xi. In short, the jade miner does not believe that he is the "real Imperial Minister" because of "Imperial Minister ".
==================
Thank you for your consideration. I don't want a complete solution, so I won't leave you alone to help me solve the solution from start to end. I will give me one or two key terms and I can find the answer myself. Thank you for proving that this problem cannot be solved.