0

I am making a webapp. A series of ASPX pages that will be only accessible from a browser hidden inside an app.

It is of crucial importance that the only way to access these said pages, is ONLY via the app.

Any tips and suggestions?

edit: my main concern is that users need to be close to a location to read the pages. faking your location using a browser on PC is extremely easy. I would like the pages to not be accessible from a PC as I don't want them access the files unless they are close.

Thanks a lot!

Calamity Ganon
  • 81
  • 2
  • 9
  • Possible duplicate of [Best Practices for securing a REST API / web service](https://stackoverflow.com/questions/7551/best-practices-for-securing-a-rest-api-web-service) – Morrison Chang Aug 02 '18 at 19:13
  • I doubt there's definite way to secure it, but user agent should fit this usage nicely. – Yuya Aug 02 '18 at 20:01
  • @Yuya User agent can be easily faked. That's not secure at all. – mason Aug 02 '18 at 20:17
  • @MorrisonChang It doesn't sound like this is a web service. It's webpages that are being served from a browser embedded inside an app. Your duplicate doesn't apply. – mason Aug 02 '18 at 20:19
  • @mason The techniques for securing a http(s) endpoint are similar enough, the content could be machine readable or human readable. I'm willing to rescind my vote if OP improves the question with what research was done or issue he is encountering rather than ending with "Any tips and suggestions?" – Morrison Chang Aug 02 '18 at 20:35
  • @Morrison Chang obviously there will always be a way to hack into the pages. I'm trying to find ideas for hacks or whatnot from people who did hide a website inside a browser successfully.... without it being breached. Thus the "Any tips and suggestions" – Calamity Ganon Aug 02 '18 at 20:44
  • @ThomasC.Dion Define "breach" as anyone with enough effort can either do a http proxy to see your traffic, and even further decompile your app to get the certificate pinning key. – Morrison Chang Aug 02 '18 at 20:49
  • I will update the question with a bit more detail – Calamity Ganon Aug 02 '18 at 20:51
  • Retracted close since question is clearer. You'll have to figure out how much work you want to put into stopping location hacking. I'll refer to [What good ways are there to prevent cheating in JavaScript multiplayer games?](https://stackoverflow.com/a/5250687/295004), [What is Certificate Pinning](https://security.stackexchange.com/a/84425/90202) and generally [What should every programmer know about security?](https://stackoverflow.com/q/2794016/295004) – Morrison Chang Aug 02 '18 at 21:35

0 Answers0