iOS和RESTful Web服务加密
[英]iOS and RESTful web service encryption
问题描述
So here is situation: I have GPS based app with a lot of sensitive data sending to server - GPS coordinates, users address book phone numbers and so on. 
所以情况如下:我有基于GPS的应用程序,有很多敏感数据发送到服务器 - GPS坐标,用户通讯录电话号码等。 So I need to have it really secure. 所以我需要让它真的安全。
I decided to encrypt data sent to server with HMAC+SHA256, decrypt there, encrypt response, send response to client, and decrypt there. 我决定使用HMAC + SHA256加密发送到服务器的数据,在那里解密,加密响应,向客户端发送响应,并在那里解密。
Question is - does my app need CCATS review and approval since I'm not using HHTPS with SSL and just sending data encoded with SHA256? 问题是 - 我的应用程序是否需要CCATS审核和批准,因为我没有使用带有SSL的HHTPS而只是发送用SHA256编码的数据?
2 个解决方案
解决方案1
1 2012-09-04 18:33:53
Yes, it does. 是的,它确实。 In theory any app that uses encryption needs CCATS review. 理论上,任何使用加密的应用都需要CCATS审核。 If you ask directly to Apple, they will answer that (yes, I did ask them). 如果您直接向Apple询问,他们会回答(是的,我确实问过他们)。
解决方案2
1 已采纳 2012-09-04 20:46:03
Don't reinvent the wheel, use https - really. 不要重新发明轮子,使用https - 真的。
You will have to have a 'real' certificate on your website as (last time I checked) the https built in to iOS will only work with 'real' certificates. 您必须在您的网站上拥有“真实”证书(上次我检查),iOS内置的https只能使用“真实”证书。 Note that this will probably cost you ~$100/year. 请注意,这可能会花费你〜$ 100 /年。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.