    Flic as a security device

    • gordon 0

      I was hoping to use Flic buttons as a security device. When the Flic button does a long click it can be set to run a script on my website. This script can pick up various pieces of information such as the Flic serial, the IP of the client, the client's machine make and model etc. I can look up the Flic serial number in a database and get the assigned user's name etc. to display on the client's screen.
      However, there does not seem to be a way to guarantee that the Flic button came from a specific client. Perhaps two buttons arrive at once.
      The IP might be a shared IP of a common router, the devices could be the same make and model so I can't use that.
      I cannot create local cookies or PHP session variables since those are specific to the user's browser and the triggered script does not use their browser.
      Does anyone use Flic buttons as a security device?
      Any suggestions would be welcome.

      • Emil FlicTeam @gordon 0

        @gordon-0 As the "Internet Request" action in the app is designed, it unfortunately does not contain any type of cryptographic signature that you can verify to make sure the request (when received) itself actually originated from the press of the button. The only thing you can do is to provide credentials or something in the headers of the Internet Request, but those you have to design and implement yourself.

        • gordon 0

          It is connected to the Flic app on a user's mobile phone. The internet call on a long press goes via the Flic app's internet call to the webserver's script. They use a browser on their phone to run the local script that is paused waiting for the webserver's script to respond in some way to validate they have used an authorised Flic button with a valid serial number. At least that is what I am trying to achieve.

          • Emil FlicTeam @gordon 0

            @gordon-0 I was under the impression you wanted to use WebBluetooth or something, but maybe you are not? In that case, what is the Flic button connected to?

            • gordon 0

              I was not intending to run an app on the client's device, just a PHP script that says "long press your Flic button now to gain access to your account". The long press does an internet call to a script on the server. I was hoping that the server script could use the Flic serial number to grant permission to the client script via a database entry or some form of cookie or client/server comms such as ajax/xml once the serial number was validated by the remote script.

              • Emil FlicTeam

                Not sure exactly what you are trying to do, but the Flic 2 protocol implements security up to the point where the client of the protocol is.

                See https://github.com/50ButtonsEach/flic2-documentation/wiki/Flic-2-Protocol-Specification. What you can do is therefore to proxy all GATT packets between your script and a server where you want to terminate the end-to-end communication.

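An added example, not part of the thread and not Flic's code: one way to implement the self-designed header credential Emil mentions so that a press approves only the browser session waiting for that button's owner, rather than relying on IP or device model. The function names, the in-memory arrays, the request fields and the sample serial and secret are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

const PENDING_TTL = 60; // seconds a "long press now" page stays valid

// Constructed sample data: button serial => owner and SHA-256 of the secret
// you would place in a header of that button's Internet Request.
$buttons = ['SERIAL-PLACEHOLDER' => ['user' => 'alice',
    'token_hash' => hash('sha256', 'constructed-secret')]];
$pending = []; // browser session id => pending login record

// Browser side: the login page names an account, then waits for the press.
function startLogin(array &$pending, string $sid, string $user, int $now): void
{
    $pending[$sid] = ['user' => $user, 'expires' => $now + PENDING_TTL, 'approved' => false];
}

// Button side: the script the Internet Request calls. $serial and $token
// come from request fields you define yourself (assumption).
function handlePress(array $buttons, array &$pending, string $serial, string $token, int $now): string
{
    $button = $buttons[$serial] ?? null;
    $expected = $button['token_hash'] ?? hash('sha256', 'no-such-button');
    // hash_equals() compares in constant time; unknown serials are hashed too.
    if (!hash_equals($expected, hash('sha256', $token)) || $button === null) {
        return 'rejected';
    }
    // Bind by claimed account, not by IP or device model.
    $live = array_filter($pending, fn($p) => $p['user'] === $button['user']
        && !$p['approved'] && $p['expires'] >= $now);
    if (count($live) !== 1) {
        return 'no-unique-session'; // nobody waiting, or two browsers claim this account
    }
    $pending[array_key_first($live)]['approved'] = true;
    return 'approved';
}

// Browser side: polled by the waiting page.
function isApproved(array $pending, string $sid, int $now): bool
{
    $p = $pending[$sid] ?? null;
    return $p !== null && $p['approved'] && $p['expires'] >= $now;
}

// Demo with constructed values.
startLogin($pending, 'sess-A', 'alice', 1000);
echo handlePress($buttons, $pending, 'SERIAL-PLACEHOLDER', 'guess', 1010), "\n";
echo handlePress($buttons, $pending, 'SERIAL-PLACEHOLDER', 'constructed-secret', 1020), "\n";
var_dump(isApproved($pending, 'sess-A', 1030), isApproved($pending, 'sess-B', 1030));
```

The header secret is a static bearer credential that anyone who observes the request can replay, so the request has to travel over HTTPS and the approval should be consumed as soon as the waiting browser session is logged in.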