dpz3471
dpz3471
2016-08-16 19:00

如何知道我的帖子请求来自PHP服务器中的phonegap / cordova应用程序

  • security
  • cordova
  • php
  • ajax

Let's say I have a Phonegap / cordova app and I want to make requests to my server with POSTs and GETs throught AJAX.

How can I secure my php file to do only if the post come from my app. E.G.

if($_POST["key"]==$secret_key_got_from_server) {
   // Do the things
}

I wanted to create a secure unique key with openssl, but if I hardcode it in the code to send it throught AJAX, anyone could just decompile my source code and get the key and do whatever he wants.

How could I make sure my post come from my phonegap app, or how can I securily code that key/token ?

I'm not quite sure if this question should be here or in security SE.

  • 点赞
  • 回答
  • 收藏
  • 复制链接分享

2条回答