I am building an app which gets JSON-encoded data from a web server. Right now, anyone can access the server-script that gets the data, and potentially access sensitive data.
So, what is the best way to ensure that the app is what's getting the data, and secure the traffic between the server and app? The server-script is PHP.
Thank you.
You should use nonces
Here's a great tutorial on how to generate an MD5 hash in C:
http://www.saobart.com/md5-has-in-objective-c/
So, what is the best way to ensure that the app is what's getting the data
In general, you can't. The best you can do is use some sort of login system, but anyone sniffing packets will be able to figure that out.
and secure the traffic between the server and app?
Use TLS, i.e., HTTPS using SSL.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With