How to Identify whether the Request is Tampered or not

Hi Ranchers,

I have requirement where in which i have to identify whether the incoming request to the server is tampered or not.

Is there any way to identify the tampered request and discard the processing of this request.

Many Thanks,
Chandra K

Depends on your definition of "tampered", I suppose--since a request can be hand-crafted to include *any* information the crafter desires I'm not really sure there's any reliable way to do this.

Here the tampering of data is related to the request parameters.
I am sending two parameters (dealerCode=abc123 and ItemPrice=10,000$) to a Controller .. but after tampering the values the request to the Controller came as dealerCode=abc124 and ItemPrice=10$ ...

Is there any way to identify whether this data is tampered some where in between the client browser and the server.

If it's important that the parameters are not tampered with, then either don't send them in the first place (by keeping them in the server session), or encrypt them.

Ulf Dittmer wrote:or encrypt them.

And even then, they can be tampered with. It's just less likely the tampered with value will be valid.

Chandra: Any request parameters can be tampered with. What are you actually trying to prevent? Certain data from being changed?

1. What is generating the request?
2. How much control do you have over the request generation?
3. Can you use HTTPS instead of HTTP connections?

Bill