Akash Kinwad

Reputation: 815

How to avoid response manipulation for OTP verification

I have OTP verification functionality & the front end (React JS) is sending a request to the backend (Rails) and, depending on the response, I'm setting mobile verified as true or false on the front end.

Success response:

HTTP/1.1 200 OK

{"success":true}

Unprocessable Entity response:

HTTP/1.1 422 Unprocessable Entity

{"success":false}

When the user is getting an unprocessable entity response, the user is changing the response using Burp Suite & sending the modified response to the front end:

HTTP/1.1 200 OK

{"success":true}

The front end has logic to set mobile verified based on the received response only.

I thought of adding the OTP in the response & verifying it on the front end, but the user can also stub that.

How can I avoid this?

Upvotes: 0

Views: 559
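Editor's note with an added example (not code from the question or the answer): the pattern that makes the manipulation in the question harmless is to keep the "mobile verified" fact on the server and have every protected action consult that server-side record, so the flag the React front end sets from the HTTP response is purely cosmetic. Plain Ruby stands in for a Rails controller and model here; the in-memory store, user ids, TTL and attempt limit are constructed for the demonstration, and the OTP is compared in constant time, expires, is single-use and is never echoed back in the response.

```ruby
require 'securerandom'
require 'digest'

# Constructed limits for the example (not from the question).
OTP_TTL_SECONDS = 300
MAX_ATTEMPTS = 5

# In-memory stand-in for the users table / session store (constructed).
# The only authoritative copy of "mobile_verified" lives here, never in
# the browser.
class VerificationStore
  def initialize
    @users = {}
  end

  # Issue a fresh 6-digit code for a user. Only a digest is stored; the
  # plaintext code goes out via SMS in a real system and is never put in
  # an HTTP response, so there is nothing useful to tamper with or stub.
  def issue_otp(user_id, now: Time.now)
    code = format('%06d', SecureRandom.random_number(1_000_000))
    @users[user_id] = {
      otp_digest: Digest::SHA256.hexdigest(code),
      expires_at: now + OTP_TTL_SECONDS,
      attempts: 0,
      mobile_verified: false
    }
    code
  end

  # Mirrors the question's endpoint: 200 {"success":true} or 422
  # {"success":false}. The important side effect is the server-side flag;
  # whatever the client turns this response into changes nothing here.
  def verify_otp(user_id, submitted, now: Time.now)
    rec = @users[user_id]
    return response(422) if rec.nil? || rec[:otp_digest].nil? # no live code
    return response(422) if now > rec[:expires_at]            # expired
    rec[:attempts] += 1
    return response(422) if rec[:attempts] > MAX_ATTEMPTS     # brute-force limit

    if fixed_eq(rec[:otp_digest], Digest::SHA256.hexdigest(submitted.to_s))
      rec[:mobile_verified] = true
      rec[:otp_digest] = nil # single-use: the same code cannot be replayed
      response(200)
    else
      response(422)
    end
  end

  # A later action that requires a verified number. Authorization comes
  # from the server-side record only; anything the client sends (such as
  # a forged mobile_verified=true) is deliberately ignored.
  def protected_action(user_id, _client_params)
    rec = @users[user_id]
    return response(403) unless rec && rec[:mobile_verified]
    { status: 200, body: { success: true, data: 'sensitive-result' } }
  end

  def verified?(user_id)
    rec = @users[user_id]
    !!(rec && rec[:mobile_verified])
  end

  private

  def response(status)
    { status: status, body: { success: status == 200 } }
  end

  # Constant-time comparison of two equal-length hex digests so the
  # response time does not leak how many characters matched.
  def fixed_eq(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

if $PROGRAM_NAME == __FILE__
  store = VerificationStore.new
  code = store.issue_otp(42)
  wrong = code == '000000' ? '111111' : '000000'
  p store.verify_otp(42, wrong)                                   # 422
  # The browser may now hold a tampered {"success":true}, but the server
  # still refuses the protected action:
  p store.protected_action(42, { 'mobile_verified' => true })    # 403
  p store.verify_otp(42, code)                                    # 200
  p store.protected_action(42, {})                                # 200
end
```

Usage note: with this layout the front end can still show a green tick on any response it likes, but the only thing that unlocks the next step is the server's own `mobile_verified` record, which no edited response can set. TLS (the accepted point in the answer) stops third parties on the wire; server-side state is what stops the user's own proxy.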

Answers (1)

Marek Puchalski

Reputation: 3659

You have to protect the channel with TLS (HTTPS), so no third party can change the data without your knowledge. All other means of protection you can implement are secondary compared to this.

Upvotes: -1
