Let's picture the following scenario:

  • Bob talks to Alice using HTTP/HTTPS
  • Bob wants Alice to send him some data, e.g. /rest/getAllItems, plus some token auth
  • Eve intercepts the packet and sends it to Alice without even knowing what it contains
  • Alice verifies the request token content (signature etc.) and sends the response to Eve instead of Bob.

How to prevent such a scenario from happening?

salutent
  • And... how exactly are you meant to protect yourself from something that would already mean there is a security breach somewhere that you have no control over? MitM-attacks are usually outside what you can control, and to protect yourself against it, you will need to have end-to-end encryption, or something that makes transmissions go through random jumps, caught on both sides continuously. Basically, you have no control over this - you can run checks on specifics - IP, hardware-signatures, and so on, and if those don't match, refuse the connection, but those can be faked. – junkfoodjunkie Apr 11 '17 at 08:38
  • Well, there is a reason why I'm posting this here: I figured that checks on specific IP/hardware signatures could be faked. I'm simply looking to see whether my concerns really don't have a solution on my part (server owner & application maker) – salutent Apr 11 '17 at 08:43

0 Answers