I have some values sent from the server as a JSON object to the JS client. What is the best way for a client to verify that the answer really came from my server? I want to prevent users from using the client to connect to another server.
I know that a user can change JS on any page, but I expect that viewing thousands of lines of confusing JS is much more difficult than just creating a fake response to pass new values to the client. Checking the answer is just an extra layer of security. It is not intended to provide perfect safety, but simply an extra layer of protection against misuse.
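One approach that fits the question, shown as an added example that is not part of the original post: the server signs each response with a private key and the client checks it against a public key embedded in its code, so the client holds no secret that could be extracted to forge responses. It uses Node's `crypto` module so it runs offline (a browser client would use `SubtleCrypto.verify`); the envelope fields, the nonce scheme, the function names and the sample values are assumptions.

```javascript
// Added example: function names, envelope fields and keys are assumptions,
// not taken from the post.
const crypto = require('node:crypto');

// Constructed key pair. In deployment the private key stays on the server
// and only the public key ships inside the client code.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');

// Server side: sign the exact payload string together with the client's nonce.
function signResponse(payloadObj, nonce, key) {
  const payload = JSON.stringify(payloadObj);
  const sig = crypto.sign(null, Buffer.from(nonce + '.' + payload), key);
  return { payload, nonce, sig: sig.toString('base64') };
}

// Client side: verify the signed bytes before parsing them. Returns the
// parsed object, or null on a bad signature or an unexpected nonce.
function verifyResponse(envelope, expectedNonce, pinnedKey) {
  if (typeof envelope.payload !== 'string' || envelope.nonce !== expectedNonce) return null;
  const ok = crypto.verify(
    null,
    Buffer.from(envelope.nonce + '.' + envelope.payload),
    pinnedKey,
    Buffer.from(String(envelope.sig), 'base64')
  );
  return ok ? JSON.parse(envelope.payload) : null;
}

// Constructed cases: a genuine response, a modified payload, a replayed
// response carrying an old nonce, and a response signed by another server.
function demo() {
  const nonce = crypto.randomBytes(16).toString('hex'); // fresh per request
  const genuine = signResponse({ credits: 10 }, nonce, privateKey);
  const tampered = { ...genuine, payload: JSON.stringify({ credits: 9999 }) };
  const replayed = signResponse({ credits: 10 }, 'old-nonce', privateKey);
  const impostorKey = crypto.generateKeyPairSync('ed25519').privateKey;
  const impostor = signResponse({ credits: 9999 }, nonce, impostorKey);
  return {
    genuine: verifyResponse(genuine, nonce, publicKey),
    tampered: verifyResponse(tampered, nonce, publicKey),
    replayed: verifyResponse(replayed, nonce, publicKey),
    impostor: verifyResponse(impostor, nonce, publicKey),
  };
}
```

The signature covers the payload string exactly as sent, so the client verifies those bytes first and only then parses them; re-serializing the JSON before verification can change the bytes and break the check.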