douzhantao2857 2015-11-24 08:55
浏览 44
已采纳

保护移动应用的服务器端页面[关闭]

I am building a mobile app that needs server side processing. I have created the server side using LAMP and the app just calls the respective php pages using an URL to request data. For example for signup I have created signup.php and app calls signup.php to verify login credentials of the app. I also have php scripts to say pull product information for the product the user is requesting. At this time these PHP pages are publicly accessible even though they would return a blank page. However how do I ensure these PHP pages are only accessible to my mobile application? How do I make it more secure?

Additionally the user on the mobile only needs to sign up once. Once signed up he stays logged in perennially until he uninstalls the app.

  • 写回答

1条回答 默认 最新

  • doupo5861 2015-11-24 09:16
    关注

    What you could do, is to have per device authentication. When your user goes to sign up in the app, app sends request to the server with credentials. If the credentials are OK you generate a unique hash. You store this hash close to the user - either directly to users table, or to a table that is in relation (depends if you allow multiple devices signed to one user). This hash will be send with every request to the server. Based on the hash you look-up the user and you know who you're dealing with.

    This hash can be, once in a while, regenerated (you send new hash to the device and that stores it again).

    Also, you can use some secrete key to create a checksum for every request. Than you create checksum on server as well and compare. Be aware though that, if the key is stored in the code, anyone can get it. This key can be sent from the server as well.

    It's probably obvious that the server should be on HTTPS.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 MapReduce结果输出到HBase,一直连接不上MySQL
  • ¥15 扩散模型sd.webui使用时报错“Nonetype”
  • ¥15 stm32流水灯+呼吸灯+外部中断按键
  • ¥15 将二维数组,按照假设的规定,如0/1/0 == "4",把对应列位置写成一个字符并打印输出该字符
  • ¥15 NX MCD仿真与博途通讯不了啥情况
  • ¥15 win11家庭中文版安装docker遇到Hyper-V启用失败解决办法整理
  • ¥15 gradio的web端页面格式不对的问题
  • ¥15 求大家看看Nonce如何配置
  • ¥15 Matlab怎么求解含参的二重积分?
  • ¥15 苹果手机突然连不上wifi了?