Answer the question
In order to leave comments, you need to log in
How is protection against request forgery implemented in such cases?
Hello everyone)
Let's say there is some web application. For example, a browser game.
The game is divided into levels, and in order to go to the next level, you must complete the current one.
The server stores the correspondence between users and the levels allowed to them.
If the level is successfully completed, a request is sent to the server containing the id of the current level, and the server opens the next level to the user.
In this case, the user can track the desired request, simply substitute another id into it and "pass" the whole game.
What is the easiest way to protect yourself from such fakes?
So far, it only occurs to me to generate a random string as an id, that is, to complicate the selection for the user.
How are such issues resolved?
Answer the question
In order to leave comments, you need to log in
It is necessary to develop an algorithm for signing a request to the server (possibly multi-level).
Perhaps you will develop an algorithm for encrypting the request.
These are the simplest options that give the most effect.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question