Data protection
George N, 2016-03-04 14:19:09

How to protect web application data?

There is some statistical data processed by our service that the browser (JavaScript) requests from our site.
On the free plan, only the current state is available; analytics are on the paid ones.
But you can see the code, sniff it, etc., and make some kind of tool that will request this current data and store it somewhere for yourself. Then do your own analytics.
How can you protect yourself from this?
Various keys, codes, encryption: after all, everything is transmitted / generated / stored, you could say, in the clear. It is JavaScript, after all. Does that mean they don't fit? What other options are there?

3 answer(s)
Alexey Ukolov, 2016-03-04
@georgas

None.
Everything that is given to the client and processed there can be opened, peeped at, and reverse engineered.
The only solution is to make it easier to pay you than to bother with one's own crutches. If a full-fledged analogue of your service can be done in two days, then you can assume that you don’t have a product.
If it takes a month to implement a full-fledged analogue, then no one in their right mind will do this: it's easier to pay than to build a crutch and then support it.
There is a separate category of users who will resist and spend the equivalent of several years of monthly fees on development, but will do their own thing. Or they will simply make some very limited set of functionality that they need.
You can’t do anything with the first ones; they are inadequate people, not your audience.
But if there is a possibility of a large number of the latter, then you need to make the Rogue tariff for them, and they will pay you instead of their programmers.

four4, 2016-03-04
@four4

Do not give out, in a simple / convenient way, more than the minimum that is needed.
Eliminate the possibility of logical guessing (for example, numbering objects in a row allows you to get objects 3-100500 from the assumption that there are objects 1 and 2).
Limit the number of requests per unit of time.
If you suspect an automated data download, activate the Captcha.
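
The measures listed in the answer above, shown on the server side as an added example that is not part of the original thread or of the asker's service: records are published under random UUIDs instead of sequential numbers, and a per-client token bucket throttles requests and switches to a captcha after repeated overruns. All function names, the client key and the limits are assumptions chosen for illustration.

```javascript
// Added example. Function names and limits are illustrative assumptions.
const webCrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

// Records are published under random UUIDs, so seeing one id does not
// reveal the next one (unlike auto-increment ids 1, 2, 3, ...).
function createStore(records) {
  const byId = new Map();
  for (const r of records) byId.set(webCrypto.randomUUID(), r);
  return { ids: () => [...byId.keys()], get: (id) => byId.get(id) ?? null };
}

// Token bucket per client key (API key, session id or IP address).
// Repeatedly running the bucket dry is treated as suspected automation
// and switches the client to a captcha until it is solved.
function createLimiter({ capacity, refillPerSec, strikesBeforeCaptcha }) {
  const clients = new Map();
  const stateOf = (key, nowMs) => {
    if (!clients.has(key)) {
      clients.set(key, { tokens: capacity, last: nowMs, strikes: 0, captcha: false });
    }
    return clients.get(key);
  };
  return {
    check(key, nowMs) {
      const c = stateOf(key, nowMs);
      const elapsedSec = Math.max(0, nowMs - c.last) / 1000;
      c.tokens = Math.min(capacity, c.tokens + elapsedSec * refillPerSec);
      c.last = nowMs;
      if (c.captcha) return 'captcha';
      if (c.tokens >= 1) { c.tokens -= 1; return 'allow'; }
      c.strikes += 1;
      if (c.strikes >= strikesBeforeCaptcha) { c.captcha = true; return 'captcha'; }
      return 'throttle'; // the HTTP layer would answer 429 here
    },
    captchaSolved(key, nowMs) {
      const c = stateOf(key, nowMs);
      c.captcha = false; c.strikes = 0; c.tokens = 1;
    },
  };
}

// Constructed traffic: one client sends 8 requests 100 ms apart.
function simulateBurst() {
  const limiter = createLimiter({ capacity: 3, refillPerSec: 1, strikesBeforeCaptcha: 3 });
  const out = [];
  for (let i = 0; i < 8; i++) out.push(limiter.check('client-a', i * 100));
  return out;
}
```

The limiter keeps its state in memory, so a deployment with several server processes would need a shared store for the per-client counters.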

Alexander Taratin, 2016-03-04
@Taraflex

Transfer data in encrypted binary form via web sockets.
+ block the console in the browser, as Avito does, for example:
How does Avito block the developer console in the Chrome browser?
This cuts off 50 percent of crackers.
Because shared hosting mostly has non-customizable PHP, which is hard to use with web sockets.
Anyone who can afford a VPS is likely to buy your tariff anyway.
