Should i use public/private key encryption in this case?
I have an iPhone app and a backend php web app.
The php site stores some information and i have to use the iPhone app to retrieve that data and show it in it.
So, suppose the iphone app has to show a list of houses for a given user, it would call the folllowing php script
http://example/process.php?user=300
That script makes the sql query and returns an xml with the houses' data.
Should i at any point encrypt anything to prevent spoofing?
Another case, for example admob for each app generates a "publisher id" that is used in the iphone app to "connect" the app with the web app, is that "publisher开发者_开发问答 id" used as a private key to encrypt/decrypt the data sent/received?
Thanks
Does the user have to authenticate? If so, it would be better to generate a token on the server after the authentication step, and use that token in subsequent webservice calls.
e.g.:
http://example/login.php?login=xxx&pw=yyyy
=> returns token 80a8b97c0c8941e1b290bdf33f3124de if successful
Then instead of passing a user id, pass the token:
http://example/process.php?token=80a8b97c0c8941e1b290bdf33f3124de
精彩评论