通过MySQLi登录iOS应用
[英]iOS app logging in via MySQLi
问题描述
I'm creating an app wherein the user can access a database using PHP and MySQLi. 
我正在创建一个应用程序,其中用户可以使用PHP和MySQLi访问数据库。
For creating the account I create a url string with the parameters appended on the end which is then read using $_GET in my signup.php file and added to the database (I'll be adding things like email activation later). 为了创建帐户,我创建了一个URL字符串,在其末尾附加了参数,然后使用我的signup.php文件中的$ _GET读取了该字符串,并将其添加到数据库中(稍后将添加诸如电子邮件激活之类的内容)。
Two questions: 两个问题:
Is there a problem using
$_GETin this fashion?以这种方式使用$_GET是否有问题? since I'm appending the email and password to the url string, I feel its not secure, but since its inside the app I'm not as sure.由于我将电子邮件和密码附加到url字符串中,因此我觉得它并不安全,但是由于它位于应用程序内部,因此我不确定。 How should I handle the login?
我应该如何处理登录? The way I was thinking was to use $_GETmethod again and using this information in a query to check for matching results then return a message which the app would pick up to log the user in.我当时想的方式是再次使用$_GET方法,并在查询中使用此信息来检查匹配的结果,然后返回一条消息,应用将选择该消息来登录用户。
1 个解决方案
解决方案1
1 已采纳 2014-12-13 22:07:41
- Is there a problem using $_GET in this fashion?
You're right. 你是对的。 It's not secure. 这不安全。 Anybody on the same wifi network as the device can see the password. 与设备位于同一wifi网络上的任何人都可以看到密码。
How should I handle the login?
Buy an SSL certificate for the server and use https. 购买服务器的SSL证书并使用https。 This will make what you're doing secure. 这样可以确保您的工作安全。
There are no other alternatives, SSL is the way to go. 没有其他选择,SSL是必经之路。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.