Hi guys,
We have a post service receiving pdf's as base64 values in json payload. There is no authorization set in this service because there is used a third party service herefore, which i use later in the MF.
Now I am wondering, could anybody execute a "Man in the Middle" attack to capture the base64 value in the http header? I think this is possible (don't know how exactly, but seen there is not a direct authorization request for the post service).
How should I secure the base64 string then which is sent in the header? Sending as binary and then absolutely with an authorization? What do you guys do in such case.