aspose file tools*
The moose likes Servlets and the fly likes How to Identify whether the Request is Tampered or not Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "How to Identify whether the Request is Tampered or not" Watch "How to Identify whether the Request is Tampered or not" New topic
Author

How to Identify whether the Request is Tampered or not

chandra kambham
Ranch Hand

Joined: Jun 09, 2008
Posts: 74
Hi Ranchers,

I have requirement where in which i have to identify whether the incoming request to the server is tampered or not.

Is there any way to identify the tampered request and discard the processing of this request.

Many Thanks,
Chandra K
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

Depends on your definition of "tampered", I suppose--since a request can be hand-crafted to include *any* information the crafter desires I'm not really sure there's any reliable way to do this.
chandra kambham
Ranch Hand

Joined: Jun 09, 2008
Posts: 74
Here the tampering of data is related to the request parameters.
I am sending two parameters (dealerCode=abc123 and ItemPrice=10,000$) to a Controller .. but after tampering the values the request to the Controller came as dealerCode=abc124 and ItemPrice=10$ ...

Is there any way to identify whether this data is tampered some where in between the client browser and the server.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41858
    
  63
If it's important that the parameters are not tampered with, then either don't send them in the first place (by keeping them in the server session), or encrypt them.


Ping & DNS - my free Android networking tools app
Jeanne Boyarsky
internet detective
Marshal

Joined: May 26, 2003
Posts: 30537
    
150

Ulf Dittmer wrote:or encrypt them.

And even then, they can be tampered with. It's just less likely the tampered with value will be valid.

Chandra: Any request parameters can be tampered with. What are you actually trying to prevent? Certain data from being changed?


[Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, OCAJP, OCPJP beta, TOGAF part 1 and part 2
William Brogden
Author and all-around good cowpoke
Rancher

Joined: Mar 22, 2000
Posts: 12785
    
    5
1. What is generating the request?
2. How much control do you have over the request generation?
3. Can you use HTTPS instead of HTTP connections?

Bill
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: How to Identify whether the Request is Tampered or not