I'm writing a mobile application. I also have a web server that handles HTTP requests to start user registration and add the user/password to a database. But I do not want to send the user's password as a parameter of a POST request because of security. Now on my local machine it works perfectly, but on the internet it would be insecure. Also, it is easy to DDoS this web server.
So my questions are:
So the app initially posts the username/password (over SSL) and the server returns a token that the app stores. For subsequent sync attempts the token is sent first, the server checks it is valid, and then allows other data to be posted.
1- The best way to use account registration is using the Account Manager.
2- Usually you have some token to keep the user logged in, and when the user accesses it you renew it.
3- Use HTTPS.
4- You don't; use tokens.
There is a great tutorial that you can follow: http://blog.udinic.com/2013/04/24/write-your-own-android-authenticator/
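The token flow described in the answers above, sketched from the server's side as an added example (not code from the original posts or the linked tutorial). The `AuthServer` class, the in-memory tables, `TOKEN_TTL` and the PBKDF2 iteration count are assumptions for illustration; transport is assumed to be HTTPS and is not shown.

```python
import hashlib, hmac, os, secrets, time

TOKEN_TTL = 3600          # seconds a token stays valid; assumed value
PBKDF2_ROUNDS = 600_000   # assumed work factor for password hashing

class AuthServer:
    """In-memory stand-in for the web server's user and token tables."""

    def __init__(self):
        self.users = {}   # username -> (salt, password hash)
        self.tokens = {}  # sha256(token) -> (username, expiry)

    @staticmethod
    def _hash_password(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def register(self, username, password):
        """Store only a salted hash, never the password itself."""
        if username in self.users:
            return False
        salt = os.urandom(16)
        self.users[username] = (salt, self._hash_password(password, salt))
        return True

    def login(self, username, password, now=None):
        """Check the password once and hand back an opaque random token."""
        now = time.time() if now is None else now
        # Unknown users still cost one hash, so timing does not reveal them.
        salt, stored = self.users.get(username, (b"\0" * 16, b""))
        candidate = self._hash_password(password, salt)
        if not hmac.compare_digest(candidate, stored):
            return None
        token = secrets.token_urlsafe(32)
        # Keep only a digest server-side: a leaked table yields no usable tokens.
        key = hashlib.sha256(token.encode()).digest()
        self.tokens[key] = (username, now + TOKEN_TTL)
        return token

    def authenticate(self, token, now=None):
        """Validate the token sent with a sync request and renew it on use."""
        now = time.time() if now is None else now
        key = hashlib.sha256(token.encode()).digest()
        entry = self.tokens.get(key)
        if entry is None:
            return None
        username, expiry = entry
        if now >= expiry:
            del self.tokens[key]   # expired: the app must log in again
            return None
        self.tokens[key] = (username, now + TOKEN_TTL)
        return username
```

After login the app stores only the token, so the password crosses the network once per login rather than on every sync.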