Mathematical Computerscientist, father and nerdy guy next door who loves to fix stuff.
I work as Technical Lead for Roomle and servant to my 18 month old son. Besides that... there is hardly enoug...
This is a good explanation,
But never ever authenticate a client based directly on a string send in plaintext... If I want to impersonate the app like that, I don't need such an attack. Just sniff the traffic of the app. Even easier if there is a web client.
So if that attack poses a threat for your system, please fix the authentication protocol, not only the string compare.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
This is a good explanation,
But never ever authenticate a client based directly on a string send in plaintext... If I want to impersonate the app like that, I don't need such an attack. Just sniff the traffic of the app. Even easier if there is a web client.
So if that attack poses a threat for your system, please fix the authentication protocol, not only the string compare.