FireFox Add on - Tamper Data Problem

How to prevent data tampering in FireFox?


2 Replies - 4082 Views - Last Post: 09 November 2009 - 07:09 AM

#1 java.assembly

Posted 09 November 2009 - 12:48 AM

Dear All,
This is a question of web development.
In FireFox there is an add-on like "tamper data".
Using this, one can manipulate the post data of the form.
How can we prevent this?
Any suggestions? Any ideas?

Regards,
Samir

Replies To: FireFox Add on - Tamper Data Problem

#2 Oler1s

Re: FireFox Add on - Tamper Data Problem

Posted 09 November 2009 - 05:09 AM

Quote: "How can we prevent this?"

Uh, you can't? That's why you don't trust the client and data sent by the client...

#3 dsherohman

Re: FireFox Add on - Tamper Data Problem

Posted 09 November 2009 - 07:09 AM

Can't be done. HTTP traffic is just plain text and, even if you could completely lock down every browser in the world, I could still telnet to port 80 and send the server whatever request (with whatever data) I want. No browser required. (Using HTTPS instead of plain HTTP would slow me down ever-so-slightly, because I can't do SSL crypto in my head and would need to find/make an SSL-enabled telnet client first, but it wouldn't stop me.)

Even with undocumented protocols using custom clients, such as, say, multiplayer games, people can reverse-engineer the data format and use that information to write auto-aimers, clients that let them see through walls, and other kinds of cheat-bots. Once you send data to the client, you have no control over what will be done with it, nor do you have any control over what they'll send back to you.

This is why the first rule of networked programming is to never trust what the client sends you. Always check it before you use it and ignore or reject anything that isn't valid.
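
Added example (not part of the thread or any poster's code): a server-side check for a posted order form, illustrating the "check it before you use it" advice in the replies above. The catalogue, field names, quantity limit and `validate_order` helper are assumptions made for illustration.

```python
from decimal import Decimal

# Constructed server-side catalogue: the only trusted source of prices.
CATALOGUE = {"sku-100": Decimal("19.99"), "sku-200": Decimal("4.50")}
ALLOWED_FIELDS = {"sku", "quantity", "price"}  # hypothetical form fields
MAX_QUANTITY = 20                              # hypothetical business rule


class RejectedRequest(ValueError):
    """Raised when posted data fails server-side validation."""


def validate_order(form):
    """Validate a decoded POST body (dict of str -> str) and build the order.

    Nothing in `form` is trusted: every field is checked against server-side
    rules, and the total is recomputed instead of being read from the request.
    """
    unexpected = set(form) - ALLOWED_FIELDS
    if unexpected:
        raise RejectedRequest(f"unexpected fields: {sorted(unexpected)}")

    sku = form.get("sku", "")
    if sku not in CATALOGUE:
        raise RejectedRequest("unknown sku")

    raw_qty = form.get("quantity", "")
    # Accept only a short run of ASCII digits, then enforce the range.
    if not (raw_qty.isascii() and raw_qty.isdigit()) or len(raw_qty) > 3:
        raise RejectedRequest("quantity must be a whole number")
    quantity = int(raw_qty)
    if not 1 <= quantity <= MAX_QUANTITY:
        raise RejectedRequest("quantity out of range")

    unit_price = CATALOGUE[sku]
    # A client-sent price (for example a hidden form field) is never used for
    # the total; a mismatch is only recorded so it can be logged and reviewed.
    mismatch = "price" in form and form["price"] != str(unit_price)
    return {
        "sku": sku,
        "quantity": quantity,
        "total": unit_price * quantity,
        "price_mismatch": mismatch,
    }
```

The same function runs whether the request came from a browser form, a modified request, or a hand-typed connection, which is why the check belongs on the server.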