dq8081 2014-05-19 00:27

How can I ensure that POST data comes from an iPhone app or device?

I'm building an iPhone app that needs to communicate with a PHP API. It will send its data via POST. Not that I have any sensitive data concerns, but I am curious as to how I can ensure that the POST is coming from: the app; or the device; or at least an iPhone.

Jake Wharton's answer on this answer talks about a "known call and response pattern" and I will use that method if there is no other way: How to ensure/determine that a post is coming from an specific application running on an iPhone/iTouch?

I'm not needing SSL or anything, but I will implement low-tech protective measures where possible.


1 answer

  • douyi3760 2014-05-19 00:38

    You could use a token string that you send with each request that only your app would know and verify it on the server, but you should probably use SSH so no one can sniff your token.

    edit:

    So my first answer was a little flawed. Another thing you could try is creating a signature by encoding the data you are about to send with some secret key using HMAC and send the signature in the header with your request. Then on the server sign the data again using your secret key and make sure they match. I think this should still be combined with SSL, but I think it can give you a reasonable assurance that the data is coming from your app. Without SSL it would be possible for someone to do replay attacks.

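An added example (not from the answer above) of the server-side half of the HMAC scheme the answer describes, written in PHP because the API is PHP. It goes one step further than the answer by signing a timestamp and a nonce together with the body, so a captured request cannot simply be sent again; the key, the signed-string layout, the nonce format and the five-minute window are all assumptions.

```php
<?php
// Added example, not the answerer's code. In a real handler the body would come
// from file_get_contents('php://input') and the other values from request headers.

const SHARED_KEY = 'constructed-demo-key'; // placeholder; load from server config
const MAX_SKEW_S = 300;                    // assumed freshness window (5 minutes)

// Client and server both sign "timestamp\nnonce\nbody".
function sign_request(string $body, int $ts, string $nonce, string $key): string
{
    return hash_hmac('sha256', $ts . "\n" . $nonce . "\n" . $body, $key);
}

// $seenNonces stands in for a shared store (database or cache) with expiry.
function verify_request(string $body, int $ts, string $nonce, string $sig,
                        array &$seenNonces, int $now): string
{
    // Restrict the nonce to hex so it cannot contain the "\n" separator.
    if (!preg_match('/^[0-9a-f]{8,64}$/', $nonce)) {
        return 'bad-nonce';
    }
    if (abs($now - $ts) > MAX_SKEW_S) {
        return 'stale';
    }
    $expected = sign_request($body, $ts, $nonce, SHARED_KEY);
    if (!hash_equals($expected, $sig)) {   // constant-time comparison
        return 'bad-signature';
    }
    if (isset($seenNonces[$nonce])) {      // same signed request seen before
        return 'replay';
    }
    $seenNonces[$nonce] = $ts;
    return 'ok';
}

// Constructed sample request and clock value.
$now   = 1400459880;
$body  = 'score=42&player=demo';
$nonce = 'a1b2c3d4e5f6';
$sig   = sign_request($body, $now, $nonce, SHARED_KEY);
$seen  = [];

// Four cases: fresh request, the same request again, altered body, old timestamp.
echo verify_request($body, $now, $nonce, $sig, $seen, $now), "\n";
echo verify_request($body, $now, $nonce, $sig, $seen, $now), "\n";
echo verify_request('score=9999&player=demo', $now, 'ffffffffffff', $sig, $seen, $now), "\n";
echo verify_request($body, $now - 3600, 'eeeeeeeeeeee', $sig, $seen, $now), "\n";
```

A key compiled into the app can be recovered by anyone who inspects the binary, so a valid signature shows that the sender holds the key, not that the request came from an unmodified app or a real iPhone.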
