Hello,
my app requires a high level of fraud prevention, to make sure that people don’t fake fake calls to add data to our tables.
Is there any encryption like MD5 when calling
Backendless.Persistence.of(TABLE_NAME).save(RowMap);If not, then will it be best to create a business logic method that updates the table and call it with my MD5 key?Thanks,Tal
Hi Tal,
there is no standard encryption, but you can create beforeCreate event handler https://backendless.com/documentation/business-logic/java/bl_data_service_handler.htm#create
MD5 is a one way hashing algorithm. Suppose data is hashed and stored that way, how are you going to retrieve it in a way meaningful for your app?
To @Sergey:
If I understand correctly the eventHandler is called before the call to the server.
tableUpdatecommand -> eventHandler on device -> backendless server.
so this doesn’t prevent the scenario where someone sends a request straight to backendless server, bypassing any encryption or fraud prevention
to @Mark:
I thought of doing something else. creating an encrypted key that I will send to an API service that I will write,
and only if after the service has the same key, it inserts to the table.
So basically, instead of creating the row from the app, I will call the rest method, and do the table insertion there.
event handler will be called on server, before create object, not on device
Would you recommend using an event handler or calling my own rest service for this kind of behaviour, of passing MD5? Or any kind of hashing?
Tal,
We at support do not make recommendations, this is what our consulting services do ( it costs extra). You can try available approaches and see which one works better for you.
Mark