dpz3471 2016-08-16 19:00
浏览 79
已采纳

如何知道我的帖子请求来自PHP服务器中的phonegap / cordova应用程序

Let's say I have a Phonegap / cordova app and I want to make requests to my server with POSTs and GETs throught AJAX.

How can I secure my php file to do only if the post come from my app. E.G.

if($_POST["key"]==$secret_key_got_from_server) {
   // Do the things
}

I wanted to create a secure unique key with openssl, but if I hardcode it in the code to send it throught AJAX, anyone could just decompile my source code and get the key and do whatever he wants.

How could I make sure my post come from my phonegap app, or how can I securily code that key/token ?

I'm not quite sure if this question should be here or in security SE.

  • 写回答

2条回答 默认 最新

  • drhdjp97757 2017-12-28 19:38
    关注

    How could I make sure my post come from my phonegap app, or how can I securily code that key/token ?

    You can't. Full stop. Reverse engineering exists in the world, and that genie has been out of the bottle for at least 40 years.

    Ask yourself, "Why is it necessary to ensure that the data can only come from my app?" You're very likely trying to solve the wrong problem.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥20 keepalive配置业务服务双机单活的方法。业务服务一定是要双机单活的方式
  • ¥50 关于多次提交POST数据后,无法获取到POST数据参数的问题
  • ¥15 win10,这种情况怎么办
  • ¥15 如何在配置使用Prettier的VSCode中通过Better Align插件来对齐等式?(相关搜索:格式化)
  • ¥100 在连接内网VPN时,如何同时保持互联网连接
  • ¥15 MATLAB中使用parfor,矩阵Removal的有效索引在parfor循环中受限制
  • ¥20 Win 10 LTSC 1809版本如何无损提升到20H1版本
  • ¥50 win10 LTSC 虚拟键盘不弹出
  • ¥30 微信小程序请求失败,网页能正常带锁访问
  • ¥15 Matlab求解微分方程,如何用fish2d进行预优?