I am in the process of designing an MVC5 web application for a financial purpose, and I have a security-related question.
The example quotation flow is:
- The user requests a quotation from the server
- The user is presented with a quote of £100
- The user submits a form to accept the quote (sends the value presented back to the server in a POST).
Is it possible for a malicious user to update the data presented to them on the client (change the quote from £100 to £50) before the submit button is pressed to post the data to the server?
I know it is possible to intercept the POST request and modify it using various tools.
That depends on the transport security measures in place and the security of the user's machine. So, basically, without more information: yes, it is possible; see MITM, as more information exceeds SO's limits.
Edit: As to the question, of course the user can manipulate their own POST request, for example using the developer tools that come with browsers.
The server should validate user input for various reasons, and it can remember its original quote. If, via whatever way (forged request, MITM, ...), it is not right, the server should detect that.
Simply believing what users post is not enough effort, security-wise.
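One way to implement the "server remembers its original quote" check from the answer above, as an added example that is not part of the original posts. `QuoteService`, `AcceptResult` and the in-memory store are hypothetical names; it assumes an MVC5 controller action would call `Accept` with the authenticated user's id and that a real application would persist quotes in its database.

```csharp
using System;
using System.Collections.Concurrent;

public sealed class Quote
{
    public string UserId;
    public decimal AmountGbp;
    public DateTime ExpiresUtc;
}

public enum AcceptResult { Accepted, UnknownQuote, WrongUser, Expired, AmountMismatch }

public sealed class QuoteService
{
    private readonly ConcurrentDictionary<Guid, Quote> _quotes =
        new ConcurrentDictionary<Guid, Quote>();

    // Quotation request: the server prices the quote and remembers it.
    public Guid Issue(string userId, decimal amountGbp, TimeSpan ttl)
    {
        var id = Guid.NewGuid();
        _quotes[id] = new Quote { UserId = userId, AmountGbp = amountGbp,
                                  ExpiresUtc = DateTime.UtcNow + ttl };
        return id;
    }

    // Acceptance POST: postedAmount is untrusted; it is compared, never used.
    public AcceptResult Accept(string userId, Guid quoteId, decimal postedAmount,
                               out decimal amountToCharge)
    {
        amountToCharge = 0m;
        Quote q;
        if (!_quotes.TryGetValue(quoteId, out q)) return AcceptResult.UnknownQuote;
        if (q.UserId != userId) return AcceptResult.WrongUser;
        if (DateTime.UtcNow > q.ExpiresUtc) return AcceptResult.Expired;
        // A mismatch means the form value was altered (dev tools, proxy): log it.
        if (postedAmount != q.AmountGbp) return AcceptResult.AmountMismatch;
        // Single use: a concurrent double submit loses the removal race here.
        if (!_quotes.TryRemove(quoteId, out q)) return AcceptResult.UnknownQuote;
        amountToCharge = q.AmountGbp; // always the stored value
        return AcceptResult.Accepted;
    }
}

public static class Demo
{
    public static void Main()
    {
        var svc = new QuoteService();
        var id = svc.Issue("alice", 100m, TimeSpan.FromMinutes(15)); // constructed sample
        decimal charge;
        Console.WriteLine(svc.Accept("alice", id, 50m, out charge));  // tampered £50 POST
        Console.WriteLine(svc.Accept("alice", id, 100m, out charge) + " " + charge);
    }
}
```

The form only needs to carry the quote id; the amount field can stay for display, since the charge is always taken from the stored quote.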