| 摘要 |
A system and method for preventing unauthorized access to a website's sensitive information in which a website web server is located on a public network with a public IP address and known port number, but only performs a listening function. The responding function is located on a separate device on a private network with a private and dynamic IP address and having a randomly assigned port number. The responder has no listening sockets (open ports expecting to receive from client application) and therefore does not listen to the public network, and therefore is not accessible to unauthorized access, much in the way that a private user's PC is not accessible to unauthorized access. The web server having the listening function does not initiate connection with the device having the responding function because its private IP address is unreachable from the public network and unknown, even to the web server, and by virtue of the fact that there are no listening sockets to accept any requests. Instead, the communication link between the device having the responder function and the web server having the listening function is initiated by the device having the responder function.
|
