dpz3471 2016-08-16 19:00
Accepted

How can I tell on my PHP server that a POST request comes from my PhoneGap / Cordova app?

Let's say I have a PhoneGap / Cordova app and I want to make requests to my server with POSTs and GETs through AJAX.

How can I secure my PHP file so that it acts only if the POST comes from my app? E.g.:

if($_POST["key"]==$secret_key_got_from_server) {
   // Do the things
}

I wanted to create a secure unique key with openssl, but if I hardcode it in the code to send it through AJAX, anyone could just decompile my source code and get the key and do whatever he wants.

How could I make sure my POST comes from my PhoneGap app, or how can I securely code that key/token?

I'm not quite sure if this question should be here or in security SE.

2 answers

  • drhdjp97757 2017-12-28 19:38

    How could I make sure my POST comes from my PhoneGap app, or how can I securely code that key/token?

    You can't. Full stop. Reverse engineering exists in the world, and that genie has been out of the bottle for at least 40 years.

    Ask yourself, "Why is it necessary to ensure that the data can only come from my app?" You're very likely trying to solve the wrong problem.
