I am looking to add some security to my app. My train of thought is:
I add a token, base64LoginString, to my app, which is sent in the header of my connection/JSON request.
Do I then need to also add this same token into my PHP scripts / pre-database connection, so that before any connection to the database is made it looks to see if the token in the PHP connection matches that in the header of my Swift script?
I am totally new to security and really just trying to figure out where to start.
```swift
import Foundation

// Build the HTTP Basic credential: base64("username:password")
let username = "user"
let password = "pass"
let loginString = String(format: "%@:%@", username, password)
let loginData = loginString.data(using: String.Encoding.utf8)!
let base64LoginString = loginData.base64EncodedString()

let myUrl = URL(string: "https://www.mydomain.co.uk/MyApp/userLogin.php")
var request = URLRequest(url: myUrl!)
request.httpMethod = "POST"
// Send the credential in the Authorization header
request.setValue("Basic \(base64LoginString)", forHTTPHeaderField: "Authorization")

// userEmail and userPassword are optionals defined elsewhere in the app
let postString = "email=\(userEmail!)&password=\(userPassword!)"
request.httpBody = postString.data(using: String.Encoding.utf8)
```
So with the code above, my hope is that the token is currently being sent...
1) Is this true?
2) How do I check and validate this on my server-side connection?
3) If this is not correct, what would be a better approach?
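
A server-side check for the header that the Swift code above sends, as an added example that is not part of the original post: it parses the `Authorization: Basic` value and rejects the request before any database connection is opened. The function names, the realm string and the sample credential are assumptions. Base64 is an encoding rather than encryption, so the header is protected in transit only by HTTPS.

```php
<?php
declare(strict_types=1);

/**
 * Parse an "Authorization: Basic <base64(user:pass)>" header value.
 * Returns [user, pass], or null if the header is missing or malformed.
 */
function parse_basic_auth(?string $header): ?array
{
    if ($header === null
        || !preg_match('/^Basic\s+([A-Za-z0-9+\/]+={0,2})$/i', trim($header), $m)) {
        return null;
    }
    $decoded = base64_decode($m[1], true); // strict mode rejects invalid input
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    // Only the first ':' separates user from password; the password may contain ':'.
    return explode(':', $decoded, 2);
}

/** Hypothetical helper: true only if the header carries the expected credential. */
function is_authorized(?string $header, string $expectedUser, string $expectedHash): bool
{
    $creds = parse_basic_auth($header);
    if ($creds === null) {
        return false;
    }
    [$user, $pass] = $creds;
    // hash_equals() compares in constant time; password_verify() checks the stored hash.
    $userOk = hash_equals($expectedUser, $user);
    $passOk = password_verify($pass, $expectedHash);
    return $userOk && $passOk;
}

// Constructed sample values (assumption). A real deployment would load a
// precomputed password_hash() value from configuration outside the web root.
$expectedUser = 'user';
$expectedHash = password_hash('pass', PASSWORD_DEFAULT);

// Some Apache/CGI setups expose the header under REDIRECT_HTTP_AUTHORIZATION.
$header = $_SERVER['HTTP_AUTHORIZATION'] ?? $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] ?? null;

if (!is_authorized($header, $expectedUser, $expectedHash)) {
    http_response_code(401);
    header('WWW-Authenticate: Basic realm="MyApp"'); // realm name is an assumption
    exit;
}

// Only past this point: open the database connection and handle the login POST.
```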