Avoid undesired petitions on a REST server (client = Android)
I'm working on an Android project that comunicates with a REST+JSON server. And I'd like to avoid malicious users to inj开发者_开发技巧ect http posts in the server from outside my app.
How can I do that? I had thought in a mechanism similar to the authenticators keyrings like that (blizzard authenticator):
http://us.blizzard.com/support/article.xml?locale=en_US&tag=TOKENFAQ&rhtml=true
This way before send an request to the server the Android device generates a code and add it to the post. The server validates that code ignoring petitions with wrong codes. Don't know if that idea is valid, how to generate that codes and how to implement it for avoiding the user to sniff the network traffic, catch that code and reuse it. Can someone guide me with that? Thanks in advance
I posted more or less the same question yesterday here: Android Client, Http Server, How do I know client is sending data using my app? authentication
I decided to go ahead with SSL and right now its all setup except for the client-authorization which I will be doing today.
精彩评论