Answer the question
In order to leave comments, you need to log in
J
J
jeruthadam2018-12-28 14:17:08
jeruthadam, 2018-12-28 14:17:08
What methods of guaranteed non-substitution of data from the client exist?
Yes, I understand that everything that flies away from the client can be changed, but I ask about something else.
Let's say my script generates the string "Hello" at some point. I need to deliver it to the server and ensure that this data has not been tampered with. Those. You need something like a data signature. This is similar to the case with JWT, but in this case, I cannot sign the token on the client, because To do this, I need to transfer the secret to the client, which means that anyone can take this secret and sign their data.
What other ways are there?
2 answer(s)
@jeruthadam
A
Alex, 2018-12-28 @jeruthadam
I don't think so. In the very formulation of the problem, you have something: the client obviously knows nothing about the server. Then if we imagine a parallel process of client B that completely duplicates the work of client A, then at some point in time, data from client B can be transferred to the server instead of client A.
HTTPS / SSL just exists to solve such problems, including number. Just use it - no one will change anything (well, except for cases with certificate interception, but this is another level).
Similar questions
D
T
E
R
V
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question