• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

How to Identify whether the Request is Tampered or not

 
chandra kambham
Ranch Hand
Posts: 74
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Ranchers,

I have requirement where in which i have to identify whether the incoming request to the server is tampered or not.

Is there any way to identify the tampered request and discard the processing of this request.

Many Thanks,
Chandra K
 
David Newton
Author
Rancher
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Depends on your definition of "tampered", I suppose--since a request can be hand-crafted to include *any* information the crafter desires I'm not really sure there's any reliable way to do this.
 
chandra kambham
Ranch Hand
Posts: 74
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Here the tampering of data is related to the request parameters.
I am sending two parameters (dealerCode=abc123 and ItemPrice=10,000$) to a Controller .. but after tampering the values the request to the Controller came as dealerCode=abc124 and ItemPrice=10$ ...

Is there any way to identify whether this data is tampered some where in between the client browser and the server.
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If it's important that the parameters are not tampered with, then either don't send them in the first place (by keeping them in the server session), or encrypt them.
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 34870
369
Eclipse IDE Java VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ulf Dittmer wrote:or encrypt them.

And even then, they can be tampered with. It's just less likely the tampered with value will be valid.

Chandra: Any request parameters can be tampered with. What are you actually trying to prevent? Certain data from being changed?
 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13071
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
1. What is generating the request?
2. How much control do you have over the request generation?
3. Can you use HTTPS instead of HTTP connections?

Bill
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic