I have an application winform client written in C# and a Server application written in php.
I need to validate an operation that the client does at the server.
When the client sends this validation it sends to the server some information like LicenseID , Info Points , and other info that I dont want to be spoofed. I want to prevent fake calls to the server.
The first solution that I used was 3DES to prevent anyone from seeing the clear data that I send via GET and POST methods to the php webserver.
The problem now is that some information like LicenseID and others are always the same.
So even if I encrypt them in 3DES, for each call those encrypted words are always the same and could be easily spoofed.
I want to know if it’s possible to send the data, so that they look different in each GET and POST method and I can decrypt in webserver.
What can I change to make each call different from each other while providing the same data?
Update: I forgot to say that I can’t use SSL.
Maybe you could use a random salt on each information based on some key like the current date, or a pseudo-random salt using the same key in the client and the server. Then you could crypt it all with 3des.
You should also use https after crypting the info. Get an SSL certificate for that.