Answer the question
In order to leave comments, you need to log in
C
C
cirrus_hr2020-05-31 09:23:58
cirrus_hr, 2020-05-31 09:23:58
How to protect client-server interaction from strangers?
In what ways can you protect interaction with the server part, that is, with the database.
Sorry for such a dumb question. =(
1 answer(s)
@cirrus_hr
The answer is simple - authentication and authorization . You need to first understand who made the request, and then determine whether this person has the right to fulfill the request.
For example, for the "send funds" action, you need to check that the money is being sent from an account owned by the user. If not, do not allow the action to be performed.
A
Alexey Ukolov, 2020-05-31 @cirrus_hr
let's say a person in the application pressed the send game funds button, a request is made to the server with a user ID, user ID to whom the money is sent, the transfer amount and the server sends the answer "OK", makes a record in the database, that is, changes the number of game funds. But outsiders can find out the URL where the request is sent and transfer game funds to themselves from other users.On the client side, you can’t protect yourself in any way, all protection must be on the server.
The answer is simple - authentication and authorization . You need to first understand who made the request, and then determine whether this person has the right to fulfill the request.
For example, for the "send funds" action, you need to check that the money is being sent from an account owned by the user. If not, do not allow the action to be performed.
Similar questions
S
G
A
L
S
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question