开发者

Avoid undesired petitions on a REST server (client = Android)

I'm working on an Android project that comunicates with a REST+JSON server. And I'd like to avoid malicious users to inj开发者_开发技巧ect http posts in the server from outside my app.

How can I do that? I had thought in a mechanism similar to the authenticators keyrings like that (blizzard authenticator):

http://us.blizzard.com/support/article.xml?locale=en_US&tag=TOKENFAQ&rhtml=true

This way before send an request to the server the Android device generates a code and add it to the post. The server validates that code ignoring petitions with wrong codes. Don't know if that idea is valid, how to generate that codes and how to implement it for avoiding the user to sniff the network traffic, catch that code and reuse it. Can someone guide me with that? Thanks in advance


I posted more or less the same question yesterday here: Android Client, Http Server, How do I know client is sending data using my app? authentication

I decided to go ahead with SSL and right now its all setup except for the client-authorization which I will be doing today.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜