I am developing an android app for a site, which I made a capability in it that users can send data to the site database in the app. I use PHP web services and URL in android code for connecting to the web service. how can I make my app (and my php web service) secure that no one can't find the web service url by debugging my apk and send amount of data to the site and make the site down.
any tips for make software system secure from these kinds of dangers can help me a lot, thank you.
edit : for example now I use AsyncTask for sending data in my edittext to webservice like below. I use this code in my oncreate to send data to AsyncTask class in the name of AskServer() :
link = "http://mywebservice-adrress/name.php";
new AskServer().execute(link, edttext.getText().toString());
and here is my doInBackground of my AsyncTask class :
@Override
protected Object doInBackground(String... params) {
BufferedReader buf = null;
try {
URL link = new URL(params[0]);
URLConnection connect = link.openConnection();
connect.setDoOutput(true);
OutputStreamWriter osw = new OutputStreamWriter(connect.getOutputStream());
String data = URLEncoder.encode("field","UTF8") +"="+ URLEncoder.encode(params[1], "UTF8");
sw.write(data);
osw.flush();
} catch (Exception e) {e.printStackTrace();}
return null;
}// end doInbackground()
and here is my php code in my web service :
<?php
include 'config.php';
$field=$_POST['field'];
mysql_query("insert into `wp_comments` (`comment_content`)
values('$field')");
?>
It is an example and my real code send much more data to server, and maybe code above doesn't work, I just make my question more exact and specific as stackoverflow want me. my question is how to make these transactions safe and secure from hackers which may debug my code and find my url , in code above (params[0]) and send amount of data to my site and make it down. or how can I use the service of sending data to server more secure from these kind of dangers??
