I need to develop an Excel AddIn which should gather a local information and send it to a backend system which is installed on an IIS (https). In general i want to use https but how can i ensure that the information which was send by the AddIn to the backend really comes from the client/addin and not from any other system/tool? Is there any possibility to do this maybe even without storing any salt within the addin (which is in my opinion also not secure -> reverse engineering)?
Asked
Active
Viewed 88 times
2
-
You can't ensoure that. Why would you need to ensure the data is coming from a specified app? What is your use case? – Marko Vodopija Mar 18 '17 at 19:41
-
hm, how should i explain this ... the problem is, that i dont want to enable the enduser or any bad guy to pretend something to the backend which is not true. Lets say you sit in the US and want to access some data, then i would check you location and send it to the backend app, set your location and any query against this database from your system would be filtered or ok for accessing the data. If you would be outside the us, then you wont be able to access all data instead only a portion would be available for you. – STORM Mar 18 '17 at 19:56
-
1You can't do that. You can't trust the client to deliver that kind of information. Best you can do is infer it on backend. For example using IP address to infer the location. This too can be bypassed but as I said, it's the best thing you can do. – Marko Vodopija Mar 19 '17 at 19:53