Reputation: 3991
I'm using a public API for my web app and iPhone app. My app performs basic CRUD operations on a database.
As the client key of the API is sent in the HTTP request header, it will be easy for malicious users to dump that key and tamper with the data initially passed to the request (with the Tamper Data Firefox plugin, for example).
So here's my simple question: what are the best practices for protecting against this? How can I programmatically detect the different cheating cases before sending data to the database?
Upvotes: 3
Views: 2011
Reputation: 616
SSL won't serve the purpose. HTTP/HTTPS requests can be tampered with before they are sent to the server. The best way is to encrypt the data before the HTTP request is generated.
Upvotes: 6
Reputation: 50613
Serving your web service in HTTPS rather than HTTP would prevent anyone from sniffing your key on the wire.
Upvotes: -1