Beefy Boxes and Bandwidth Generously Provided by pair Networks
No such thing as a small change
 
PerlMonks  

comment on

( [id://3333]=superdoc: print w/replies, xml ) Need Help??

Of course not. Anybody can always send anything. You can either make sure nothing they can send can be a lie (by not letting them say various things), or accept that your results are full of lies.

In this case, it sounds well backward that you're somehow letting the client tell you "+/- X refos" rather than "task X completed". But of course how can you be sure that the task is actually completed? Only by calculating it on trusted code (i.e., the server).

That doesn't mean you have to do it real-time, and it doesn't mean it has to be synchronous either. You could do it on the client, and then at the end roll up all the "things the user did" and send them to the server to double-check. Or send stuff as you go along, but assume it's correct before waiting for the server's response, and only rolling back if the server tells you "no, you're lying".

But no matter what you do, you can't get around the law:

Never put anything on the client. The client is in the hands of the enemy. Never ever ever forget this.

Anything code you're running on the user's machine knows, the user knows. Anything it can send to you, the user can send to you, whenever and however often they want. You can try to make it "not worth their time" to do so, but unless you do it by "making nobody care about the results" (which is generally not what you want ;), it's an arms race you're going to lose.


In reply to Re^5: A question about web service security by fullermd
in thread A question about web service security by Anonymous Monk

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":



  • Are you posting in the right place? Check out Where do I post X? to know for sure.
  • Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
    <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
  • Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
  • Want more info? How to link or How to display code and escape characters are good places to start.
Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others pondering the Monastery: (8)
As of 2024-03-28 10:10 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found