Javascript API Security using Domain Whitelist

Post by ruzippizur » June 27th, 2019, 3:55 pm

The game key can be easily discovered through JavaScript/Client.

To prevent hacking and abuse, I would suggest having a Domain Whitelist option so the API can only accept client connections originating from a domain or domain list given by the developer. The Google reCAPTCHA project, which is a widely used website verification tool, has been using this method (whitelisting domains, including localhost for testing) and it works perfectly.

For JavaScript web-to-mobile apps like PhoneGap/Ionic, you could have it checked through package names (com.example.app) for validation.

Or is there a way that this can be done through server C# code? If so, how?
ruzippizur
 
Posts: 1
Joined: June 14th, 2019, 10:33 am
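
A sketch of the server-side check such a domain whitelist implies, added here as an illustration; it is not code from the post or from the platform's API, and the function name, host lists and sample origins are hypothetical. It assumes the server can read the browser-supplied `Origin` header, which only browsers set reliably, so the check limits use of an exposed key from other websites rather than authenticating the client.

```javascript
// Added example: exact-match Origin allowlist. All names are hypothetical.
const ALLOWED_HOSTS = ["game.example.com", "*.cdn.example.com"]; // constructed sample list
const DEV_HOSTS = ["localhost", "127.0.0.1"]; // accepted only when allowDev is true

function isOriginAllowed(originHeader, allowedHosts = ALLOWED_HOSTS, allowDev = false) {
  // A missing header or the opaque "null" origin is never allowlisted.
  if (typeof originHeader !== "string" || originHeader === "" || originHeader === "null") {
    return false;
  }
  let url;
  try {
    url = new URL(originHeader);
  } catch {
    return false; // not a parseable origin
  }
  // A genuine Origin value is scheme://host[:port] with nothing else attached.
  if (url.username || url.password || url.pathname !== "/" || url.search || url.hash) {
    return false;
  }
  const host = url.hostname.toLowerCase();
  // localhost for testing, as the post suggests, behind an explicit switch.
  if (allowDev && DEV_HOSTS.includes(host)) {
    return url.protocol === "http:" || url.protocol === "https:";
  }
  if (url.protocol !== "https:") {
    return false;
  }
  // Compare whole hostnames. Substring or prefix matching would also accept
  // look-alikes such as game.example.com.evil.test.
  return allowedHosts.some((rawEntry) => {
    const entry = rawEntry.toLowerCase();
    if (entry.startsWith("*.")) {
      const suffix = entry.slice(1); // ".cdn.example.com"
      return host.endsWith(suffix) && host.length > suffix.length;
    }
    return host === entry;
  });
}
```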
