How to prevent modifying "JSON response" by proxy
-
Hey, I want to protect some my project by using HWID Check.
I have sth like this:
manager->get(QNetworkRequest(QUrl("http://server.url/api.php?hwid=HWIDHERE")));
and when HWID is found in Database I got "true" or "false" response.
How to prevent "potential crackers" from just modyfing that value by using proxy? Is it easy?
-
Hi,
If you want to secure your data, the first step is using a secure connection.
Then if it's that precious, you should encrypt your data as well.
-
That's up to you. Securing a connection and securing data are two different things. So you have to decide based on your data modeling and use.
-
Assuming that the attacker is going to try to subvert the network communication then using a secure (HTTPS) connection alone will only slow a determined attacker down by a minute or two (see tools like Fiddler). If the underlying request and response payloads are cryptographically protected (e.g encrypted and signed) and made time sensitive then faking, replaying, or otherwise tampering with the response becomes a harder proposition.
A determined attacker may simply patch the binary to either skip the check or force a positive response.
This is a game of whack-a-mole. How much effort do you want to put in?