Beefy Boxes and Bandwidth Generously Provided by pair Networks
more useful options

Comment on

( #3333=superdoc: print w/replies, xml ) Need Help??

Of course not. Anybody can always send anything. You can either make sure nothing they can send can be a lie (by not letting them say various things), or accept that your results are full of lies.

In this case, it sounds well backward that you're somehow letting the client tell you "+/- X refos" rather than "task X completed". But of course how can you be sure that the task is actually completed? Only by calculating it on trusted code (i.e., the server).

That doesn't mean you have to do it real-time, and it doesn't mean it has to be synchronous either. You could do it on the client, and then at the end roll up all the "things the user did" and send them to the server to double-check. Or send stuff as you go along, but assume it's correct before waiting for the server's response, and only rolling back if the server tells you "no, you're lying".

But no matter what you do, you can't get around the law:

Never put anything on the client. The client is in the hands of the enemy. Never ever ever forget this.

Anything code you're running on the user's machine knows, the user knows. Anything it can send to you, the user can send to you, whenever and however often they want. You can try to make it "not worth their time" to do so, but unless you do it by "making nobody care about the results" (which is generally not what you want ;), it's an arms race you're going to lose.

In reply to Re^5: A question about web service security by fullermd
in thread A question about web service security by Anonymous Monk

Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":

  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.
  • Log In?

    What's my password?
    Create A New User
    [virtualsue]: my view this morning is of a chap stuffing straw in my roof
    [virtualsue]: I have 5 days left to finish my slides for LPW
    [1nickt]: virtualsue Have you made them tea yet today? (And do you serve Digestives with it?)
    [virtualsue]: Lotus biscuits
    [Discipulus]: mornign nuns and monks!
    [1nickt]: Woah you can get Krispy Kreme doughnut-Lotus Biscoff hybrids!
    [1nickt]: Biscuit technology has evolved since I left the UK, obviously.
    [virtualsue]: we have a jar of the spread: https://www. webapp/wcs/stores/ servlet/gb/ groceries/lotus- caram-spread- smooth-400g?langId =44&storeId=10151& krypto=VEjeoyIieB6 2oiiKUSbS %2Foxs9BpfJxZ95MW6 y6NOiYDYlKgl6SghbS BZf7CU5b6QA00pmYz7 XmfTYYKpoIiUivBBOR y6MI

    How do I use this? | Other CB clients
    Other Users?
    Others about the Monastery: (12)
    As of 2017-11-20 11:47 GMT
    Find Nodes?
      Voting Booth?
      In order to be able to say "I know Perl", you must have:

      Results (286 votes). Check out past polls.