How to prevent tampering of contract call from the web?

by fancycat   Last Updated January 14, 2018 03:28 AM

I have a project where users will be calling my contract from the web. I want to ensure they call the contract with exactly the parameters I give them. My strategy was to hash the combo of parameters, sign the hash with my webserver's private key and validate both the hash and signature in the contract.

This is essentially the authentication scheme described here: https://security.stackexchange.com/questions/82716/whats-to-stop-someone-from-just-mitming-a-checksum

What I can't figure out is how to validate the signature on-chain. Based on other discussions here, it seems like this is not possible because it costs too much gas. How do people normally handle this?
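The scheme the question describes, sketched as a Solidity contract using the built-in `ecrecover`; this is an added example, not code from the original post. The contract name, the `amount` and `nonce` parameters and the replay guard are assumptions, and the server is assumed to sign with an Ethereum (secp256k1) key using the standard `personal_sign` prefix.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical contract: names and parameters are illustrative assumptions.
contract SignedParams {
    // Address derived from the web server's signing key (set at deployment).
    address public immutable signer;
    // Digests already consumed, so a signed parameter set works only once.
    mapping(bytes32 => bool) public used;

    event Accepted(address indexed caller, uint256 amount, uint256 nonce);

    constructor(address signer_) {
        require(signer_ != address(0), "signer required");
        signer = signer_;
    }

    function execute(uint256 amount, uint256 nonce, uint8 v, bytes32 r, bytes32 s) external {
        // Recompute the hash on-chain from the arguments actually supplied.
        // abi.encode pads each field, so values cannot bleed into each other.
        // Binding chain id, contract and caller stops reuse elsewhere.
        bytes32 paramsHash = keccak256(
            abi.encode(block.chainid, address(this), msg.sender, amount, nonce)
        );
        // Same prefix that personal_sign / eth_sign apply before signing.
        bytes32 digest = keccak256(
            abi.encodePacked("\x19Ethereum Signed Message:\n32", paramsHash)
        );
        require(!used[digest], "already used");

        // ecrecover returns the signing address, or address(0) on failure.
        address recovered = ecrecover(digest, v, r, s);
        require(recovered != address(0) && recovered == signer, "bad signature");

        used[digest] = true;
        emit Accepted(msg.sender, amount, nonce);
        // ... act on `amount` here ...
    }
}
```

Any changed argument produces a different digest, so `ecrecover` yields an address other than `signer` and the call reverts.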


