Protect the server from "false requests"

3

I am doubtful about safety. When I want to add date or receive, I make an HTTP POST or GET request to my server, which returns the response in JSON. Assuming it is an application that shows a list of movies (returned by the JSON format server). How to hide this user request? For if you use any traffic monitoring program, it will see for example:

HTTP://SERVER.COM/GetFilmes.php

Monitoring other applications, I realize that they make a request only to the server, not to pages. (as above)

What would be the best way to prevent such data from being easily available to malicious people?

    
asked by anonymous 18.12.2017 / 04:23

1 answer

3

If you are trawling the data over HTTPS, through SSL or TLS , all data packet is encrypted : the request itself, the verb (method), the URL, the headers and the parameters.

Through a traffic monitoring application, the monitor will know the maximum of the server and the port that it has connected to, but not the path within the server.

Therefore, the request to the address:

GET https://api.meuservidor.com/confidencial/topsecret/classified?type=007

should look like:

??? https://api.meuservidor.com:443

However, if you are using a browser, the full path and parameters of a GET will still be visible . In other HTTP methods it does not happen.

    
18.12.2017 / 04:52