dpz3471 2016-08-16 19:00
浏览 79
已采纳

如何知道我的帖子请求来自PHP服务器中的phonegap / cordova应用程序

Let's say I have a Phonegap / cordova app and I want to make requests to my server with POSTs and GETs throught AJAX.

How can I secure my php file to do only if the post come from my app. E.G.

if($_POST["key"]==$secret_key_got_from_server) {
   // Do the things
}

I wanted to create a secure unique key with openssl, but if I hardcode it in the code to send it throught AJAX, anyone could just decompile my source code and get the key and do whatever he wants.

How could I make sure my post come from my phonegap app, or how can I securily code that key/token ?

I'm not quite sure if this question should be here or in security SE.

  • 写回答

2条回答 默认 最新

  • drhdjp97757 2017-12-28 19:38
    关注

    How could I make sure my post come from my phonegap app, or how can I securily code that key/token ?

    You can't. Full stop. Reverse engineering exists in the world, and that genie has been out of the bottle for at least 40 years.

    Ask yourself, "Why is it necessary to ensure that the data can only come from my app?" You're very likely trying to solve the wrong problem.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥50 关于#html5#的问题:H5页面用户手机返回的时候跳转到指定页面例如(语言-javascript)
  • ¥15 无法使用此凭据登录,因为你的域不可用,如何解决?(标签-Windows)
  • ¥15 yolov9的训练时间
  • ¥15 二叉树遍历没有报错但无法正常运行
  • ¥15 在linux系统下vscode运行robocup3d上场球员报错
  • ¥15 Python语言实验
  • ¥15 SAP HANA SQL 增加合计行
  • ¥20 用C#语言解决一个英文打字练习器,有偿
  • ¥15 srs-sip外部服务 webrtc支持H265格式
  • ¥15 在使用abaqus软件中,继承到assembly里的surfaces怎么使用python批量调动