
Developers Planet


FancyNancy February 2016

Preventing post data forgery

Suppose I have a JS game, with a score and a "publish score" button. This button will send a POST request to a PHP script, and that script will then add the score to the database. The thing is, the user can see in the browser which page the app is sending POST data to, hence he can forge it by sending any number he can come up with. This is like CSRF, but the token won't help, because the user can see it too. I've been thinking about this problem for a while and haven't come up with any 100% working solution.


Soundz February 2016

Everything you do on the client can't be trusted.

I'd try to add my own little encryption which can be reversed by me. I guess even something basic like displaying numbers as chars, 1 = F, 2 = p, etc... and by adding some random junk to make a string like asdzf7erwhbrdfm0[encryptedscore]0jkfsdgfadsegajb and then removing everything between the zeroes.

Post Status

Asked in February 2016
Viewed 2,070 times
Voted 6
Answered 1 times
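Because nothing sent by the client can be trusted, the checks that hold are the ones the score-saving script runs itself. The sketch below is an added example, not code from the question or the answer: it binds each submission to a server-issued, HMAC-signed game token, accepts one score per game, and rejects scores that are impossible for the elapsed time. It is written for Node.js rather than the PHP script in the question, and `MAX_POINTS_PER_SECOND`, `MAX_GAME_SECONDS`, the token layout and the in-memory `usedGames` set are assumptions.

```javascript
// Added example: server-side checks for a "publish score" endpoint (Node.js sketch).
const crypto = require('crypto');

const SECRET = crypto.randomBytes(32);   // server-only key, never sent to the browser
const MAX_POINTS_PER_SECOND = 50;        // assumed game limit, tune per game
const MAX_GAME_SECONDS = 3600;           // assumed longest plausible game
const usedGames = new Set();             // stand-in for a DB table of finished games

function sign(payload) {
  return crypto.createHmac('sha256', SECRET).update(payload).digest('hex');
}

// Called when a game starts. The token records who started it and when.
// Assumes userId contains no '.' (for example a numeric account id).
function startGame(userId, nowMs) {
  const gameId = crypto.randomBytes(16).toString('hex');
  const payload = `${gameId}.${userId}.${nowMs}`;
  return `${payload}.${sign(payload)}`;
}

// Called by the score endpoint. Returns { ok, reason }.
function submitScore(token, userId, score, nowMs) {
  const parts = String(token).split('.');
  if (parts.length !== 4) return { ok: false, reason: 'malformed token' };
  const [gameId, tokenUser, startedMs, mac] = parts;
  const expected = Buffer.from(sign(`${gameId}.${tokenUser}.${startedMs}`));
  const given = Buffer.from(mac);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad signature' };
  }
  if (tokenUser !== String(userId)) return { ok: false, reason: 'wrong user' };
  if (usedGames.has(gameId)) return { ok: false, reason: 'already submitted' };
  if (!Number.isInteger(score) || score < 0) return { ok: false, reason: 'invalid score' };
  const elapsed = (nowMs - Number(startedMs)) / 1000;
  if (elapsed <= 0 || elapsed > MAX_GAME_SECONDS) {
    return { ok: false, reason: 'implausible duration' };
  }
  if (score > elapsed * MAX_POINTS_PER_SECOND) {
    return { ok: false, reason: 'implausible score' };
  }
  usedGames.add(gameId);                 // one accepted score per game
  return { ok: true, reason: 'accepted' };
}
```

These checks bound what the server will store; a player can still submit any score that is plausible for the time played, so they narrow forgery rather than eliminate it.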

