PHP
Vadim Mamonov, 2016-01-22 12:27:02

Algorithm for communication between the client and the server, requests to the database. Which of these will the hacker intercept?

Hello. After reading various implementations of secure registration and authorization, a mess has formed in my head, and even more questions have appeared. Therefore, I decided to create a new topic.
At the moment, I have not done any protection yet; I'm just starting to figure it out.
The most important question; if the answer to it is no, then you can do nothing...
1.1) Is it possible to implement average protection for registration, login, logout, and forms when communication with the server goes through ajax, sessions, and cookies, and user data is stored in the database?
Also, I don't quite understand where and when a hacker can intercept things.
As I think now:
The user sends a page request to the server; he can also send something using GET or POST.
1.2) Here I have a question: can a hacker intercept and modify this request, for example, change the GET or POST data? (I think yes.)
If there is PHP code on this page, then it will be executed; let's say that requests are also made to the database.
1.3) Can a hacker intercept the text of the request, as well as the result of its execution? (I'm hoping for the worst, I think so.)
After executing the PHP code, the page can be modified (using echo, print), then the resulting version is sent to the user.
1.4) Here is the transfer again: can the hacker intercept and change it, say, change the text of the page, create a form there that says to enter your login and password again, with the data sent to his server, where he records this data?
The user's browser starts parsing the resulting page markup and loading some files (pictures, files with JS code).
1.5) I think you have a gift and you may already know the question. Can a hacker change files? Change the JS code, for example?
For example, we have input fields on this page, the user enters data there, and we send it to the server via ajax.
1.6) Will a hacker intercept the ajax request, and will he be able to change the data?
The server then does something and sends back the result.
1.7) Will the hacker intercept the response?
Can you share links to an example implementation of authorization and registration? (For a beginner.)
I would like to see how this is done through ajax.


4 answer(s)
Andrey, 2016-01-22
@VladimirAndreev

https solves many problems.

Adamos, 2016-01-22
@Adamos

Judging by the capabilities that you attribute to this terrible hacker, he is already sitting on your server. It is unlikely that you can somehow protect yourself from him...

yeti357, 2016-01-22
@yeti357

Answer: yes, he can. Let's say you connect to wifi in McDuck and go to non-encrypted sites; then the wifi owner can view and change traffic (your requests, responses to these requests, etc.). This problem is solved by https.

OnYourLips, 2016-01-22
@OnYourLips

He can do everything if he has access to the server or the client.
And if instead of https you have http, then he can also be on the path from the server to the client (operators, special services, routers, etc.).
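
As an added example that is not part of any answer in this thread, one way a PHP ajax login endpoint could apply the https advice given above: refuse plain http, mark the session cookie Secure and HttpOnly, and issue a new session id on login. `SITE_HOST`, `find_password_hash()` and the sample user are hypothetical, and the HTTPS check assumes TLS terminates at the PHP web server itself.

```php
<?php
// Added illustration, not code from the thread. SITE_HOST and find_password_hash()
// are hypothetical; the user record below is constructed sample data.
const SITE_HOST = 'example.test';

function request_is_https(array $server): bool
{
    return !empty($server['HTTPS']) && strtolower((string) $server['HTTPS']) !== 'off';
}

function enforce_https(array $server): void
{
    if (!request_is_https($server)) {
        // Redirect to a fixed host name rather than trusting the Host header.
        header('Location: https://' . SITE_HOST . ($server['REQUEST_URI'] ?? '/'), true, 301);
        exit;
    }
    // Ask the browser to use HTTPS for this host from now on (HSTS).
    header('Strict-Transport-Security: max-age=31536000');
}

function start_secure_session(): void
{
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,   // cookie is never sent over plain http
        'httponly' => true,   // cookie is not readable from page JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

function find_password_hash(string $login): ?string
{
    // Stand-in for the database lookup; constructed sample user.
    $users = ['alice' => password_hash('sample-password', PASSWORD_DEFAULT)];
    return $users[$login] ?? null;
}

enforce_https($_SERVER);
start_secure_session();
header('Content-Type: application/json');

$login = (string) ($_POST['login'] ?? '');
$hash  = find_password_hash($login);
$ok    = $hash !== null && password_verify((string) ($_POST['password'] ?? ''), $hash);
if ($ok) {
    session_regenerate_id(true);   // new session id after a successful login
    $_SESSION['login'] = $login;
}
echo json_encode(['ok' => $ok]);
```

The redirect only helps later requests: anything the browser already sent over plain http was exposed on the network, which is why the form and the ajax URL themselves should be served over https.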
