Sunday, 26 July 2020

Prevent attack using user creation in REST API

I've been planning out a project for quite some time now, and I am trying to figure out this one security flaw. I'm going to be using Node and Express for the front end and React Native for the front end. The application is going to be on mobile devices only. Requests are going to be sent from the mobile device to the server to get data from the database.

While I was thinking about the layout of the project, I noticed one thing that could cause problems. I see no clear way to verify that requests to the user creation route are real traffic coming from the app other than having a pre-shared secret code that is sent along with the request, and even then the pre-shared secret could be extracted by decompiling the application. I think that there is potential for abuse of this via scripts with cURL to create large quantities of users. Is there any other way to combat this other than the aforementioned pre-shared secret?

Submitted July 26, 2020 at 07:26PM by Oatttts
