  1. #1
    Minchan is offline Member

    Safety Concerns using Input Streams

    Good Day,

    I have been wondering how safe it is to send variables via POST, process them, receive them back as an echo, send that to another class and compare them there to make decisions within the rest of the program depending on the received data.
    In other words, is it somehow possible to decompile the class to check for which expected value the if decision becomes true and inject said value in order to bypass this if-barrier?

    Thanks in advance!

  2. #2
    gimbal2 is online now Just a guy

    Re: Safety Concerns using Input Streams

    If it runs on a server - not really, you'd have to break in first. If it runs on the local client - certainly, easily.

    You can also install an HTTP sniffer and see what is transmitted without doing any decompilation stuff, then create requests outside of the application.
    "Syntactic sugar causes cancer of the semicolon." -- Alan Perlis

  3. #3
    Minchan is offline Member

    Re: Safety Concerns using Input Streams

    I was referring to the client-side application, the Java Application. I'm sending variables to the PHP script, compute them and send back 1 or 0 depending on the result. The client makes a decision based off that response. My concern would be somebody injecting a 1 (for the if checkpoint to become true) in that place to fake out having gone via the PHP script. Or maybe even making an own PHP script that sends the wanted result.

    The 1 and 0 thing is also not set in stone. I did get the idea of using two MD5-checksums instead to provide at least some additional safety but that's still not the bee's knees facing the fear of catching those streams and injecting the MD5 String being asked for.

    The PHP Script will be running on a Server, at the moment I am using a localhost for developing purposes.
    Last edited by Minchan; 01-27-2014 at 05:16 PM.
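
An added example, not part of the thread and not code from either poster: the fixed 1/0 or fixed MD5 reply discussed above can be captured once and sent again, whereas a reply signed by the server over a fresh client nonce cannot. The class and method names are assumptions, and the PHP script is simulated in-process with a constructed key pair.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;

public class SignedVerdictDemo {
    // Signed bytes: fixed-length 16-byte client nonce followed by the verdict ("1" or "0").
    static byte[] payload(byte[] nonce, String verdict) {
        byte[] v = verdict.getBytes(StandardCharsets.UTF_8);
        byte[] out = Arrays.copyOf(nonce, nonce.length + v.length);
        System.arraycopy(v, 0, out, nonce.length, v.length);
        return out;
    }

    // Server side (stands in for the PHP script); the private key never leaves the server.
    static byte[] serverSign(PrivateKey key, byte[] nonce, String verdict) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(key);
        s.update(payload(nonce, verdict));
        return s.sign();
    }

    // Client side; only the public key ships inside the Java application.
    static boolean clientAccepts(PublicKey key, byte[] nonce, String verdict, byte[] sig) {
        try {
            Signature s = Signature.getInstance("SHA256withECDSA");
            s.initVerify(key);
            s.update(payload(nonce, verdict));
            return s.verify(sig);
        } catch (GeneralSecurityException e) {
            return false; // a missing or malformed signature is a rejection
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(256);
        KeyPair server = kpg.generateKeyPair(); // constructed demo key
        SecureRandom rng = new SecureRandom();
        byte[] n1 = new byte[16], n2 = new byte[16];
        rng.nextBytes(n1); // nonce of an earlier request
        rng.nextBytes(n2); // nonce of the current request
        byte[] sig1 = serverSign(server.getPrivate(), n1, "1");
        byte[] sig0 = serverSign(server.getPrivate(), n2, "0");
        PublicKey pub = server.getPublic();
        System.out.println("genuine reply accepted:    " + clientAccepts(pub, n1, "1", sig1));
        System.out.println("old reply replayed:        " + clientAccepts(pub, n2, "1", sig1));
        System.out.println("bare 1 without signature:  " + clientAccepts(pub, n2, "1", new byte[0]));
        System.out.println("verdict flipped from 0:    " + clientAccepts(pub, n2, "1", sig0));
    }
}
```

This covers replayed or hand-written replies on the network only. Anyone who can modify the client can still remove the check, so whatever the verdict protects has to be enforced on the server.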
