Answer the question
In order to leave comments, you need to log in
What methods of guaranteed non-substitution of data from the client exist?
Yes, I understand that everything that flies away from the client can be changed, but I ask about something else.
Let's say my script generates the string "Hello" at some point. I need to deliver it to the server and ensure that this data has not been tampered with. Those. You need something like a data signature. This is similar to the case with JWT, but in this case, I cannot sign the token on the client, because To do this, I need to transfer the secret to the client, which means that anyone can take this secret and sign their data.
What other ways are there?
Answer the question
In order to leave comments, you need to log in
I don't think so. In the very formulation of the problem, you have something: the client obviously knows nothing about the server. Then if we imagine a parallel process of client B that completely duplicates the work of client A, then at some point in time, data from client B can be transferred to the server instead of client A.
HTTPS / SSL just exists to solve such problems, including number. Just use it - no one will change anything (well, except for cases with certificate interception, but this is another level).
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question