Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I think I can intercept any packet from my app and change the url, and the params such that the users’ account would de delete / other stuff could be deleted.
How do I protect against this? since the auth_token, and cookie are passed in every packet?
The standard protection agains packet sniffing is to secure your connections with HTTPS.
Here is some info:
http://collectiveidea.com/blog/archives/2010/11/29/ssl-with-rails/