|
|
|
|
|
|
by LukeShu
4108 days ago
|
|
|
As rainmaking said, I don't believe that there is a way you can fingerprint the running code in a non-spoofable way. Whatever protections you put in the design could be bypassed by having a proxy layer dispatch two requests for each request received: one to the actual application, and one to evil_application. I believe that the best route to take that is most in-line with your goals would be to design it such that the server-side is untrusted from a security standpoint. Have the client process the data, and only give encrypted or sanitary data to the server side. Don't trust the server with anything other than availability. |
|
|
You probably shouldn't even be trusting any one server even with that!