Client-server requests, how to do it right?

I

IceJOKER2015-01-18 15:10:02

Android

IceJOKER, 2015-01-18 15:10:02

There is a client application and of course there is a responder on the server side.
How can you protect the server from requests outside the client - for example, someone decided to track the request through the client application and decided to communicate directly with the server.
Checking user-agent ? It is possible to replace
And all the rest it seems can be traced (request which is sent to the server).
For example, if I want to make it possible for the application to directly add data to the server (without captcha), the evil uncle can track which request is coming and, based on this, make such requests directly (referer can also be replaced).
Who has experience share)
ps I searched in Google, or searched badly, or there is no answer for my version of the question
pssOPTION WITHOUT AUTHORIZATION / REGISTRATION - or is there no such option?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

O

one pavel, 2015-01-18
@onepavel

In the program, you write the algorithm by which you generate the user id. You interpose this Id into requests. On the server, you check Id , if it is generated correctly, you return a response. If not, you're trolling.

K

Kirill Sadovnik, 2015-01-18
@cyril_sadovnik

Tokens .

F

FoxInSox, 2015-01-18
@FoxInSox

1. Authorization of the client on the server
2. The server returns a token (key) to the
client 3. The client makes all requests with a token.
4. The server checks the validity of the token.
Well, https of course.