JavaScript
flm, 2012-03-31 18:09:34

HTTP request to the server API from the plugin. How to protect yourself from spoofing on the server

Perhaps it was not possible to put the right meaning in the title.
In more detail, the problem looks like this. A Chrome plugin is being written that works with the server API. How can one contrive to determine for sure on the server that it is this plugin that sends requests to it, and weed out other requests?


2 answer(s)
egorinsk, 2012-03-31
@egorinsk

No way.
You can make life a little more difficult for the “forgers” by sending the request via HTTPS, as an encrypted POST without parameters, only a binary body, and by setting the wrong HTTP headers (if the right ones arrive, it means a fake; let them sit and wonder why, the miserable people). The server must also respond in a non-standard way (always with code 200), with a binary response.
But we'll still hack it if need be.

avalak, 2012-03-31
@avalak

Why not use OAuth?
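
One way to read the OAuth suggestion above, as an added example that is not part of the thread: the server authorizes each request by a per-user token it issued, and ignores anything the client says about itself. This is a simplified HMAC-signed bearer token, not a full OAuth implementation; the function names, the secret and the sample values are hypothetical. It authenticates the user holding the token, not the plugin binary.

```javascript
// Added example: simplified HMAC-signed bearer token, standing in for an
// OAuth access token. All names and values here are hypothetical.
const crypto = require("node:crypto");

const SERVER_SECRET = crypto.randomBytes(32); // never shipped inside the plugin

const b64 = (buf) => Buffer.from(buf).toString("base64url");
const sign = (payload) =>
  crypto.createHmac("sha256", SERVER_SECRET).update(payload).digest();

// Issued after the user logs in; the plugin stores it and sends it back.
function issueToken(userId, ttlSeconds, now = Date.now()) {
  const payload = b64(JSON.stringify({ sub: userId, exp: now + ttlSeconds * 1000 }));
  return `${payload}.${b64(sign(payload))}`;
}

// Returns the user id for a valid, unexpired token, otherwise null.
function verifyToken(token, now = Date.now()) {
  if (typeof token !== "string") return null;
  const parts = token.split(".");
  if (parts.length !== 2) return null;
  const [payload, mac] = parts;
  const expected = sign(payload);
  const given = Buffer.from(mac, "base64url");
  // Constant-time compare; timingSafeEqual throws on unequal lengths.
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  let claims;
  try {
    claims = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  } catch {
    return null;
  }
  if (typeof claims.sub !== "string" || typeof claims.exp !== "number") return null;
  return claims.exp > now ? claims.sub : null;
}

// Request gate: client-identifying headers are ignored, because any HTTP
// client can set them; only the token decides.
function authorize(headers, now = Date.now()) {
  const m = /^Bearer ([A-Za-z0-9_-]+\.[A-Za-z0-9_-]+)$/.exec(headers.authorization || "");
  const user = m ? verifyToken(m[1], now) : null;
  return user ? { status: 200, user } : { status: 401, user: null };
}
```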
