Secure Transaction between Mobile app and LAMP

I have a Mobile App (iPhone and Android) which allows user to login to his account, change prefs etc...

I want to add a new feature where the user can buy products through his device or upgrade his service. Everything will run from the device and I want each transaction the user makes to sync to the web server.

I have HTTPS setup on my server. I would like to know if:

  1. Is it good practice? Or should I simply tell the user to use our website?
  2. If "yes", is HTTPS alone good to process these transactions?

Thanks

Tech4Wilco asked Nov 02 '11 18:11


1 Answer

yes it's a good practice.

first of all ALWAYS use HTTPS.

make sure your certificate is valid and trusted.

for iphone:

  • iPhone: HTTPS client cert authentication
  • https://discussions.apple.com/thread/1652697?start=0&tstart=0

for android:

  • Trusting all certificates using HttpClient over HTTPS
  • Accepting a certificate for HTTPs on Android

second encrypt your data.

any encryption algorithm or rsa encryption will do the trick.

data passed using GET/POST should not be sent in plain text like: ?user=myuser&pass=mypass. instead use something like ?h28JduDak30fT1pfgmSnShNms762023lflsfdj2h4J. then on your server you simply have to decrypt it using a salt only your phone and the server know.

example code for iphone:

// build the form body; "encryptedstring" stands for the value the app already encrypted
NSString *encrypteddata = [NSString stringWithFormat:@"key=encryptedstring"];
NSData *data = [encrypteddata dataUsingEncoding:NSUTF8StringEncoding allowLossyConversion:YES];
// [data length] is an NSUInteger, so cast it for the format specifier
NSString *datalen = [NSString stringWithFormat:@"%lu", (unsigned long)[data length]];
NSMutableURLRequest *request = [[[NSMutableURLRequest alloc] init] autorelease];
[request setURL:[NSURL URLWithString:@"https://yourserver:443/loginscript"]]; // :443 very important
[request setHTTPMethod:@"POST"];
[request setValue:datalen forHTTPHeaderField:@"Content-Length"];
// note the ";" between the media type and the charset parameter
[request setValue:@"application/x-www-form-urlencoded; charset=utf-8" forHTTPHeaderField:@"Content-Type"];
[request setHTTPBody:data];
// send the request and read the server's reply (synchronous, for brevity)
NSURLResponse *response = nil;
NSError *error = nil;
NSData *reply = [NSURLConnection sendSynchronousRequest:request returningResponse:&response error:&error];

similar idea for android

then on your server you can decrypt $_POST['key'] and do your login logic (or others)

here are more resources that will help you:

  • iPhone + sending data from iPhone to server as XML format
  • iPhone: HTTPS client cert authentication

note: for android you should take a look at the HTTPComponents

read more

  • http://www.javamex.com/tutorials/cryptography/rsa_encryption.shtml
  • http://www.edumobile.org/iphone/iphone-programming-tutorials/how-to-receive-data-from-the-server-in-iphone/
Derek answered Nov 25 '22 10:11
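As an added example (not code from the question or the answer), here is the answer's "a secret only the phone and the server know" idea written out on the server side in Python rather than PHP, using an HMAC over a nonce and timestamp in place of the answer's unspecified encryption: HTTPS protects the bytes in transit, but the server still has to authenticate each transaction and reject stale or replayed ones. The key value, `sign_transaction` and `TransactionVerifier` are assumed names for the example.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# Constructed example secret; in practice issued per device or session at
# login and never hard-coded into the shipped app binary.
SHARED_KEY = b"example-shared-secret-issued-at-login"
TAG_LEN = 32  # bytes in an HMAC-SHA256 tag


def sign_transaction(payload: dict, key: bytes = SHARED_KEY, now: Optional[float] = None) -> str:
    """Client side: wrap the transaction in a nonce+timestamp envelope, MAC it,
    and return one opaque form value (the role of the answer's ?key=... field)."""
    envelope = {
        "nonce": secrets.token_hex(16),
        "ts": int(now if now is not None else time.time()),
        "body": payload,
    }
    raw = json.dumps(envelope, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, raw, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(raw + tag).decode()


class TransactionVerifier:
    """Server side: authenticate the envelope, then reject stale and replayed ones."""

    def __init__(self, key: bytes = SHARED_KEY, max_age: int = 300):
        self.key = key
        self.max_age = max_age      # seconds of clock skew / delay tolerated
        self.seen_nonces = set()    # would be a shared store (DB, cache) in production

    def verify(self, token: str, now: Optional[float] = None) -> Optional[dict]:
        try:
            blob = base64.urlsafe_b64decode(token.encode())
        except ValueError:
            return None                               # not even valid base64
        raw, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
        expected = hmac.new(self.key, raw, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):    # constant-time compare
            return None                               # tampered, or wrong key
        envelope = json.loads(raw)
        now = now if now is not None else time.time()
        if abs(now - envelope["ts"]) > self.max_age:
            return None                               # too old (or clock far off)
        if envelope["nonce"] in self.seen_nonces:
            return None                               # same request sent twice
        self.seen_nonces.add(envelope["nonce"])
        return envelope["body"]
```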