in reply to Re^2: In a web app, is using ssl, encrypting request data, and validating request data after decryption overkill?
in thread In a web app, is using ssl, encrypting request data, and validating request data after decryption overkill?

It appears to me that it is possible that my *human* instincts think that preventing the client user from making a valid request in the first place is important indeed.

You seem to already be questioning the results of your human instincts, since you posted the question here in the first place. I think you are right to question them, but you may have missed the most important question, which only you can answer:

If the client requests access to something they have no rights to and the server is set up to detect this and deny the request, what harm is done by them asking?

In most cases, the answer is "none", so your encrypted token scheme, by preventing invalid requests, prevents no harm and is pointless overhead. But your case may be an exception to that generality.
