dongmeijian1716 2013-11-10 22:02
浏览 37
已采纳

在PHP代码或iOS应用程序代码中存储密码的位置?

Not sure if this is totally code related, but at the least, it's somehow programming/security related.

I have an iPhone mobile app, which sends/retrieves info to/back from my server, which uses PHP to query database. The database needs username and password, unsurprisingly. My question is that I should put the credential in my PHP code or in my iOS app code. If put into PHP page, good thing is that it's on the server, nobody can view the PHP code and gets password, but anyone knows the PHP page can play with it and therefore mess up my db. If put into app code (pass the password to PHP via parameter), good thing is that the PHP page won't function unless password is passed via parameter, but there are couple of disadvantages, I think: password in URL is not safe and password in iOS app in a jail-brake device is not safe either.

One I know a little bit but don't have much know-how is to hash my password in iOS app code, and before passing it to PHP.

  • 写回答

3条回答 默认 最新

  • drqja5919276 2013-11-10 22:09
    关注

    There's lots of ways to do this, I've recently done an app similarly myself. First off, the credentials should definitely live on the server. What you should do is use some sort of hash. The iOS app generates a hash based on several things, a bad example would be

    md5('supersecretkey' . 'asd123')
    

    The first key is in the PHP code and iOS code, the second is randomly generated. So the app calls the script like this:

    script.php?hash=1a79a4d60de6718e8e5b326e338ae533&key=asd123
    

    The script does the function above with the key and the secret key, it now knows that it must have been the iOS app that generated it.

    This is a really simple example of one way of thinking about it, in reality someone could still just decompile the iOS app and get the string, it depends how much you think people are going to try and reverse engineer whatever it is you are writing.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥15 有偿求效果比较好的遥感影像匹配的c++代码
  • ¥15 博主,你好,我下载了你的智能网联汽车辅助驾驶安全信息检测系统,现在不会运行,可以教我吗,
  • ¥15 怎么在excle输入下列公式
  • ¥15 Arduino,利用modbus的RS485协议,进行对外置的温湿度传感器进行数据读取
  • ¥15 vhdl+MODELSIM
  • ¥20 simulink中怎么使用solve函数?
  • ¥30 dspbuilder中使用signalcompiler时报错Error during compilation: Fitter failed,求解决办法
  • ¥15 gwas 分析-数据质控之过滤稀有突变中出现的问题
  • ¥15 没有注册类 (异常来自 HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG))
  • ¥15 知识蒸馏实战博客问题