[英]how to allow access to web page only specific mobile app using user agent
I have created some php web pages for inserting webview & some json informations in an android app. 我创建了一些php网页,用于在Android应用中插入webview和一些json信息。 And I want to protect my web data by allowing access to these web pages ONLY from my app , how is this possible ? 我想通过只允许从我的应用程序访问这些网页来保护我的Web数据,这怎么可能? I heard that this can be done by setting my own user agent in the app and catch it in my web page , but I don't know how to do this 我听说可以通过在应用程序中设置自己的用户代理并将其捕获到我的网页中来完成此操作,但是我不知道该怎么做
Assuming that the connection between your app and the backend is via HTTPS, you could use client-side certificates to authenticate the caller (your app) to the backend server. 假设您的应用程序与后端之间的连接是通过HTTPS进行的,则可以使用客户端证书将调用方(您的应用程序)认证到后端服务器。 Only if the caller provides the right certificate the transaction could move further. 只有呼叫者提供了正确的证书,交易才能继续进行。
Note that this is not unbreakable: someone who has access to your app can extract the certificate and replay it. 请注意,这不是牢不可破的:有权访问您的应用的人可以提取证书并重播它。 This is not obvious to do so if you want a reasonable but not NSA grade solution it would be acceptable. 如果您想要一个合理而不是NSA级的解决方案,那么这样做并不明显,这是可以接受的。
A simpler solution would be to send a hard-coded authentication token as part of the transaction, checked by the backend. 一种更简单的解决方案是将硬编码的身份验证令牌作为事务的一部分发送,由后端检查。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.