|
|
|
|
|
|
by aprescott
4505 days ago
|
|
|
I think any setup which requires the website to respond to requests intended to verify its own authenticity will probably not work. Any verification requests could be passed upstream to a separate running application in order to calculate a valid response. This response would then be passed back to the client. All other requests and code paths would still potentially go through a modified or malicious variant. |
|
|