Lets suppose you have a web app that has already been complied , and you do not have access to the source code.
this web app has the web server integrated into it , so modifying the web server is not an option.
this app queries a db with sensitive data in it directly.
modifying the app itself to send the token with resource requests would also not be an option.
What is the best way to add proper token authentication to this web app ?
Modifying the index pages of this app to communicate with server and redirect if the token is not legit , and obfuscating this Javascript could be an option ? but I don't really like the idea of this...
I'm thinking there must be an elegant solution to this problem ?
I'm fairly new to token authentication, so I apologize if this is a stupid question.
Aucun commentaire:
Enregistrer un commentaire