douzhi7754 2013-08-18 19:09

FTP credential storage and secure communication with PHP

I have two questions. Both of them are about security issues in an Android app.

  1. Photos are sent from my app to my FTP server, so I need to have the FTP, user and pass stored. What is the best way to do that? I am afraid that these values can be easily read from the code by reverse engineering. I was thinking about shared preferences, but I think it is not enough... or to send a request to my server which returns the pass to the FTP server (this is part of the second question :)

  2. In the app I communicate with a PHP server (create an order, then in-app billing, and finally confirmation that the order was already paid). I have to write secure communication between Android and PHP. (Now Android sends JSON data by the POST method to the PHP server, so if somebody finds out the URL and the JSON format of the data, he could create an order and confirm it.) In the app there is no login or registration process. I was thinking about asymmetric cryptography with a public key on Android and a private key on the server, or maybe SSL is a solution. I am very confused, so any advice is welcome.

I don't know how to secure the app when reverse engineering of the APK is possible.


1 answer

  • dqsvnsad79721 2013-08-18 19:47
    1. Instead of using FTP, create a simple API for your application which allows posting an image. That would be a better and more secure solution. Android has a few built-in methods for HTTP POST requests.

    2. SSL secures just communication between. Most commonly known applications don't store the password in files; they just use an API request to validate credentials and obtain a token which will be used in future requests. You can set a timeout for this token and create one token per device. This is much safer, because it's easier to cancel a token than to inform the user that the password was leaked :) Use well-known solutions, such as the mentioned public-private key with authentication tokens (token generated with private key + device-specific data such as DeviceID etc.). Do not store passwords, even encrypted ones.

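A server-side sketch of the per-device token with a timeout and cancellation that the answer above describes, added here as an example and not part of the original answer. It swaps the private-key signature for an HMAC-SHA256 keyed with a server-only secret; `issueToken()`, `verifyToken()`, `TOKEN_TTL`, the claim names and the sample device ids are assumptions.

```php
<?php
// Added example. issueToken(), verifyToken(), TOKEN_TTL and the claim names
// are hypothetical; the device ids and revocation list are constructed values.
const TOKEN_TTL = 3600; // token timeout in seconds (assumed)

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Issue a token bound to one device, after the server has validated the client.
function issueToken(string $secret, string $deviceId, int $now): string {
    $payload = b64url(json_encode([
        'dev' => $deviceId,
        'exp' => $now + TOKEN_TTL,
        'jti' => bin2hex(random_bytes(8)), // unique id, lets one token be cancelled
    ]));
    return $payload . '.' . b64url(hash_hmac('sha256', $payload, $secret, true));
}

// Return the claims only if the token is authentic, unexpired, presented by
// the device it was issued to, and not cancelled; otherwise null.
function verifyToken(string $secret, string $token, string $deviceId,
                     int $now, array $revoked): ?array {
    $parts = explode('.', $token);
    if (count($parts) !== 2) return null;
    [$payload, $mac] = $parts;
    $expected = b64url(hash_hmac('sha256', $payload, $secret, true));
    if (!hash_equals($expected, $mac)) return null; // constant-time comparison
    $claims = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
    if (!is_array($claims) || !isset($claims['dev'], $claims['exp'], $claims['jti'])) {
        return null;
    }
    if ($claims['exp'] < $now || $claims['dev'] !== $deviceId
        || in_array($claims['jti'], $revoked, true)) {
        return null;
    }
    return $claims;
}

$secret = random_bytes(32); // stays on the server, never shipped in the APK
$now    = time();
$token  = issueToken($secret, 'device-1234', $now);
$claims = verifyToken($secret, $token, 'device-1234', $now, []);
var_dump($claims !== null);                                                     // same device
var_dump(verifyToken($secret, $token, 'device-9999', $now, []));                 // other device
var_dump(verifyToken($secret, $token, 'device-1234', $now + TOKEN_TTL + 1, []));  // after timeout
var_dump(verifyToken($secret, $token, 'device-1234', $now, [$claims['jti']]));   // cancelled
```

The device id is not a secret, so the token should only ever be sent over HTTPS. In a real deployment the revocation list would live in the server's database rather than in an array.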
