
How can I prevent anything other than my iPhone app from communicating with my Rails webapp?

I'm diving into web development and I've built a few basic Rails apps, but now I'd like to begin learning how to securely connect my iOS apps with my Rails apps. For example, if I want my iOS app to query my Rails webapp for some data from the DB by passing parameters in the URL...

http://mywebapp/mycontroller/search?q=keyword

...what are some common web development methods I can use to prevent anything (or anyone) other than my iOS app from successfully executing that search query?

I'm sure this type of forgery that I'm trying to prevent has a formal name, but I'm very new to web development and I'm still learning all the jargon. Thanks so much for your wisdom!

Use the trick that Rails uses in protect_from_forgery by generating a unique key for your iPhone app. Then ensure that your app passes that key in the requests to the server. You can then write a before_filter to ensure that the request possesses the key. If it does, then you process the request. If it does not, then you return an error with a custom message explaining why they can't have access.

You could create a hash and use it as a token which would be passed with each call to identify your application (hard-coded value in the app) and the session (current IP address of the client). So: hard_coded_value + ip_address -> MD5/SHA1 (whichever) = token. Your server would also have a copy of the hard-coded value as well as the calling client's IP address, perform the same hashing function and compare the results. If they match, it's your app. If not, then it isn't.
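The two answers above describe the same server-side pattern: a secret shared with the app, a token derived from it (the second answer binds the token to the client's IP address), and a before_filter that rejects any request without a matching token. The following is an added example, not code from either answer or from Rails itself. It runs stand-alone so the check can be exercised without a Rails app: the request is a plain Hash standing in for ActionDispatch::Request, the secret APP_SECRET and the header name X-App-Token are assumptions, and the token uses HMAC-SHA256 in place of the bare MD5/SHA1 digest the second answer mentions. The comparison is constant-time, which is what Rails' own ActiveSupport::SecurityUtils.secure_compare does for protect_from_forgery tokens.

```ruby
require 'openssl'

# Hypothetical shared secret. The same value would be compiled into the
# iPhone app and stored on the server (e.g. Rails credentials), never in a URL.
APP_SECRET = 'constructed-example-secret-do-not-ship'.freeze

# Second answer's token: derive it from the hard-coded value and the
# client's IP address. HMAC-SHA256 is used here instead of MD5/SHA1.
def client_token(secret, client_ip)
  OpenSSL::HMAC.hexdigest('SHA256', secret, client_ip.to_s)
end

# Constant-time comparison so response timing cannot leak the token
# byte by byte. (ActiveSupport::SecurityUtils.secure_compare in Rails.)
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# First answer's before_filter, as a plain method. `request` is a stand-in
# Hash with :remote_ip and :headers. Returns nil to let the request through,
# or an error response hash to reject it.
def verify_app_token(request, secret: APP_SECRET)
  presented = request[:headers]['X-App-Token'].to_s
  expected  = client_token(secret, request[:remote_ip])
  return nil if secure_compare(presented, expected)

  { status: 403, body: 'This endpoint only serves the official app.' }
end

# The Rails wiring this stands in for (assumed layout, not from the page):
#   class SearchController < ApplicationController
#     before_action :require_app_token
#     private
#     def require_app_token
#       secret    = Rails.application.credentials.app_secret
#       presented = request.headers['X-App-Token'].to_s
#       expected  = OpenSSL::HMAC.hexdigest('SHA256', secret, request.remote_ip)
#       head :forbidden unless ActiveSupport::SecurityUtils.secure_compare(presented, expected)
#     end
#   end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample requests for the three cases a practitioner cares about.
  ip    = '203.0.113.7'
  good  = { remote_ip: ip, headers: { 'X-App-Token' => client_token(APP_SECRET, ip) } }
  bad   = { remote_ip: ip, headers: { 'X-App-Token' => 'deadbeef' } }
  moved = { remote_ip: '198.51.100.9', headers: good[:headers] }
  p verify_app_token(good)   # nil: request allowed
  p verify_app_token(bad)    # 403: wrong token
  p verify_app_token(moved)  # 403: token was bound to a different IP
end
```

The third case is the consequence of binding the token to the IP address: a phone that moves from Wi-Fi to cellular must recompute the token before its next request, and a server behind a proxy must use the client's real address (request.remote_ip in Rails) rather than the proxy's. Because the secret is embedded in the shipped app binary, this check raises the bar for casual callers rather than making the endpoint reachable only by the app; anyone who extracts the secret can compute valid tokens.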
