Seeking advice on how to proceed.

gdh22
gdh22 ✭✭

Sorry for the frequent question.


I would like to proceed with client-based result processing.


However, in this case we can do a "Replay Attack", so we want to process the result only once.


What method can I use in this case? Please advise.

Best Answer

  • Tobias
    Tobias admin
    edited August 1 Answer ✓

    With a server plugin running, you'd have to check if you got any message earlier and skip processing.

    A simple approach would be to add a sequence number. This can be hacked easily, of course, if it's just one number somewhere in the data. There should be ways to encode the sequence into the data or you simply encrypt the message.

    Disclaimer: I am not a security expert, nor does the Photon team provide security consulting as such. So consider this a simple idea and make sure you know the implications of this.
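An added example (not part of the original thread, and not Photon code) of the server-side check described in the answer above. It binds the sequence number to the result with an HMAC instead of encrypting the message, so the number cannot be edited without detection. It assumes a per-session secret key issued to the client at login; the message layout, `sign`, `ResultReceiver` and all sample values are hypothetical.

```python
import hashlib
import hmac
import json


def sign(key: bytes, session_id: str, seq: int, result: dict) -> dict:
    """Client side: cover session id, sequence number and result with one HMAC tag."""
    body = json.dumps({"sid": session_id, "seq": seq, "result": result},
                      sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class ResultReceiver:
    """Server side: process each authenticated message at most once."""

    def __init__(self, session_keys: dict):
        self.session_keys = session_keys   # session id -> key (assumed issued at login)
        self.last_seq = {}                 # session id -> highest sequence processed

    def handle(self, msg: dict) -> str:
        try:
            raw, tag = msg["body"].encode(), str(msg["tag"]).encode()
            fields = json.loads(raw)
            sid, seq = fields["sid"], fields["seq"]
            key = self.session_keys[sid]
        except (KeyError, TypeError, ValueError, AttributeError):
            return "rejected: malformed"
        expected = hmac.new(key, raw, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, tag):   # constant-time comparison
            return "rejected: bad tag"
        if not isinstance(seq, int) or seq <= self.last_seq.get(sid, -1):
            return "rejected: replay"
        self.last_seq[sid] = seq           # record before acting on fields["result"]
        return "processed"


def demo() -> list:
    key = b"constructed-demo-key"          # constructed sample key
    server = ResultReceiver({"s1": key})
    first = sign(key, "s1", 1, {"match": "m-42", "score": 10})
    edited = dict(first, body=first["body"].replace('"seq":1', '"seq":2'))
    second = sign(key, "s1", 2, {"match": "m-43", "score": 7})
    # original, exact resend, resend with edited sequence number, next message
    return [server.handle(m) for m in (first, first, edited, second)]


if __name__ == "__main__":
    print(demo())
```

A client that holds the key can still sign a fresh sequence number for an old result, so when the client itself is untrusted the server should also deduplicate on an identifier of the result (here the constructed `match` field).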

Answers

  • Hey guy, try that

    __________________

    private bool replay = false;

    // Run the guarded call only once, until the flag is reset.
    if (replay == false && otherCondition == true)
    {
        ReplayAttack();
        replay = true;
    }

    /* Then you reset replay to false at another moment when you need to ReplayAttack again */

  • gdh22
    gdh22 ✭✭

    @Alejandrazo

    Thank you for your reply.

    But the answer I want is to prevent replay attacks on my backend server.

    There is no way to check when the resulting processing is sent from the client to the backend, so when sending the same information over and over again, I want to process the same information only once.
