|No such thing as a small change|
A question about web service securityby Anonymous Monk
|on Aug 05, 2011 at 11:31 UTC||Need Help??|
Anonymous Monk has asked for the
wisdom of the Perl Monks concerning the following question:
Suppose I have a web service used for increment/decrement uses' refos.
It may has these fields:
The problem is, how can I know whether it's sent from firebug by a programmer or from my system?
I should respond to the action only if it's from my system.
The context is actually in a web game, where my system should increment the user's refos when some task is finished. But how do I deal with faking?