
Encrypt/Secure communication Android app <-> REST webservice

I want to create a backend for my Android app with Tapestry5 and this http://code.google.com/p/t5-restful-webservices/ plugin. The app will communicate with the server by calling REST methods both for registered users (that would be easy to secure I guess) as well as unregistered users. Now of course I don't want people to just call that webservice from a browser.

How can I make sure that only my app can make calls to this backend?

Checking the user's UA could help...

I can think of 2 approaches:

Use SSL to secure the connection. SSL can do a handshake checking the credentials. To authenticate the user you can use a certificate or a PSK.

Or you can simply create a hash (SHA or MD5) of your data and include a key. This is called HMAC. A reverse engineer may get the key because you have to hardcode it in your code.
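
The HMAC approach from the answer above, as an added example that is not part of the original post: the client signs each request and the server recomputes the tag before accepting it. It uses HMAC-SHA256 through `javax.crypto.Mac`; the canonical string layout, the 5-minute freshness window, the `/rest/items` path and the key are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class RequestSigner {
    // Hypothetical freshness window; limits replay of a captured request.
    static final long MAX_SKEW_MS = 5 * 60 * 1000L;

    // Client side: HMAC-SHA256 over method, path, timestamp and body,
    // so none of them can be changed without invalidating the tag.
    static String sign(byte[] key, String method, String path, long timestampMs, String body)
            throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        String canonical = method + "\n" + path + "\n" + timestampMs + "\n" + body;
        byte[] tag = mac.doFinal(canonical.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(tag);
    }

    // Server side: reject stale requests, then recompute the tag
    // and compare it in constant time.
    static boolean verify(byte[] key, String method, String path, long timestampMs,
                          String body, String receivedTag, long nowMs)
            throws GeneralSecurityException {
        if (Math.abs(nowMs - timestampMs) > MAX_SKEW_MS) {
            return false; // stale or future-dated request
        }
        byte[] expected = sign(key, method, path, timestampMs, body)
                .getBytes(StandardCharsets.UTF_8);
        byte[] received = receivedTag.getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, received);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key and request. As the answer notes, a key
        // hardcoded in the app can be recovered by reverse engineering.
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8);
        long now = System.currentTimeMillis();
        String body = "{\"item\":42}";
        String tag = sign(key, "POST", "/rest/items", now, body);

        System.out.println("valid request:  " + verify(key, "POST", "/rest/items", now, body, tag, now));
        System.out.println("tampered body:  " + verify(key, "POST", "/rest/items", now, "{\"item\":43}", tag, now));
        System.out.println("replayed later: " + verify(key, "POST", "/rest/items", now, body, tag, now + 10 * 60 * 1000L));
    }
}
```

The client sends the timestamp and the tag alongside the request (for example as headers), and the server calls `verify` with its own clock as `nowMs`.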
