Important: Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct
How to prevent modifying "JSON response" by proxy
Hey, I want to protect some my project by using HWID Check.
I have sth like this:
and when HWID is found in Database I got "true" or "false" response.
How to prevent "potential crackers" from just modyfing that value by using proxy? Is it easy?
Bonnie last edited by Bonnie
I don't know much about network, but I think at least you should use https.
Yeah I know, current "server" is only for testing, first time doing this.
If you want to secure your data, the first step is using a secure connection.
Then if it's that precious, you should encrypt your data as well.
I will go to more specific forum with this problem, but I will ask it there too. Is it good idea to add another layer of encryption? Like sth before SSL.
That's up to you. Securing a connection and securing data are two different things. So you have to decide based on your data modeling and use.
ChrisW67 last edited by
Assuming that the attacker is going to try to subvert the network communication then using a secure (HTTPS) connection alone will only slow a determined attacker down by a minute or two (see tools like Fiddler). If the underlying request and response payloads are cryptographically protected (e.g encrypted and signed) and made time sensitive then faking, replaying, or otherwise tampering with the response becomes a harder proposition.
A determined attacker may simply patch the binary to either skip the check or force a positive response.
This is a game of whack-a-mole. How much effort do you want to put in?