
Safest / Simplest way to secure iphone api webservice

I've been doing a lot of research and trying to figure out the best (most simple) way to secure an iphone app's webservice. My ideas so far are below:

  1. Use OAuth 2.0 (cons: labor intensive)
  2. Store salted & hashed password (SHA-1) and send each api call with username and salted password as url params
  3. Store salted & hashed password (SHA-1) with username and send both as one single url param that would be stored in the DB in a unique field or table
  4. Only allow users to log in via Twitter login or Facebook login.

Would any of these approaches work? I'm leaning towards #3 right now because it seems simple yet effective in my eyes. Any feedback would be appreciated!

I would use 4. and implement OpenID. There is great support for it and it gives you Google Authentication as well as Yahoo and many others. It means your users no longer have to create accounts with you so you'll be able to retain customers more easily.
