dongmeijian1716 2013-11-10 22:02
浏览 37
已采纳

在PHP代码或iOS应用程序代码中存储密码的位置?

Not sure if this is totally code related, but at the least, it's somehow programming/security related.

I have an iPhone mobile app, which sends/retrieves info to/back from my server, which uses PHP to query database. The database needs username and password, unsurprisingly. My question is that I should put the credential in my PHP code or in my iOS app code. If put into PHP page, good thing is that it's on the server, nobody can view the PHP code and gets password, but anyone knows the PHP page can play with it and therefore mess up my db. If put into app code (pass the password to PHP via parameter), good thing is that the PHP page won't function unless password is passed via parameter, but there are couple of disadvantages, I think: password in URL is not safe and password in iOS app in a jail-brake device is not safe either.

One I know a little bit but don't have much know-how is to hash my password in iOS app code, and before passing it to PHP.

  • 写回答

3条回答 默认 最新

  • drqja5919276 2013-11-10 22:09
    关注

    There's lots of ways to do this, I've recently done an app similarly myself. First off, the credentials should definitely live on the server. What you should do is use some sort of hash. The iOS app generates a hash based on several things, a bad example would be

    md5('supersecretkey' . 'asd123')
    

    The first key is in the PHP code and iOS code, the second is randomly generated. So the app calls the script like this:

    script.php?hash=1a79a4d60de6718e8e5b326e338ae533&key=asd123
    

    The script does the function above with the key and the secret key, it now knows that it must have been the iOS app that generated it.

    This is a really simple example of one way of thinking about it, in reality someone could still just decompile the iOS app and get the string, it depends how much you think people are going to try and reverse engineer whatever it is you are writing.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥20 c语言写的8051单片机存储器mt29的模块程序
  • ¥60 求直线方程 使平面上n个点在直线同侧并且距离总和最小
  • ¥50 java算法,给定试题的难度数量(简单,普通,困难),和试题类型数量(单选,多选,判断),以及题库中各种类型的题有多少道,求能否随机抽题。
  • ¥50 rk3588板端推理
  • ¥250 opencv怎么去掉 数字0中间的斜杠。
  • ¥15 这种情况的伯德图和奈奎斯特曲线怎么分析?
  • ¥250 paddleocr带斜线的0很容易识别成9
  • ¥15 电子档案元素采集(tiff及PDF扫描图片)
  • ¥15 flink-sql-connector-rabbitmq使用
  • ¥15 zynq7015,PCIE读写延时偏大