Protect the server from "false requests"



  • I'm sure about security. When I want to add date or receive, I make an HTTP POST or GET request to my server, which returns the answer in JSON. Supposing it is an application that shows movie list (returned by JSON format server). How to hide this user request? Because if you use some traffic monitoring program, it will see for example:

    HTTP://SERVER.COM/GetFilmes.php
    

    Monitoring other apps, I realize that they only request pro server and not for pages. (as above)

    What would be the best way to prevent this data from being easily available to malicious people?



  • If you're messing up the data through HTTPS, through https://pt.stackoverflow.com/questions/9216/diferen%C3%A7a-entre-os-protocolos-tls-e-ssl , https://en.wikipedia.org/wiki/Transport_Layer_Security : the request itself, the verb (method), the URL, the headers and the parameters.

    By means of a traffic monitoring application, the monitor will know at most the server and the port that connected, but not the path inside the server.

    Therefore, the request for the address:

    GET https://api.meuservidor.com/confidencial/topsecret/classified?type=007
    

    must appear as:

    ??? https://api.meuservidor.com:443
    

    Anyway, if you're using a browser, https://stackoverflow.com/a/198473/6241184 . In other methods HTTP doesn't happen.




Suggested Topics

  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2