Sunday, 10 January 2016

How to restrict access to a web application by user, other than IP-based filtering?

I have a web application (Java/JSP) which serves requests from users. We also provide an interface/adapter (Java/JSP/PHP/Perl...) to users to connect to our web application. For security reasons we also give a UID and public key to each user after registration with us so that our users can start sending requests to our web application.

Now the users are replicating our key and interface/adapter and using it to send requests from new users without registering with us.

How can we restrict the access in this scenario so that we can identify the duplicate requests? We cannot use IP-based restriction because all the duplicate requests are coming from the same IP; this was found in our internal audit. IP-based validation already exists in our code, and it's getting bypassed in this scenario.



