从Android应用程序现场登录。 无法发送POST请求。 使用GET请求发送密码可以吗? 我应该加密吗?
[英]Login on site from Android app. Can't send POST request. Is it fine to send password using a GET request? Should I encrypt it?
问题描述
I'm trying to login on my site from my Android app. 
我试图通过我的Android应用程序登录我的网站。 Sending a POST request is apparently not possible, so the only way is sending a GET request. 发送POST请求显然是不可能的,因此唯一的方法是发送GET请求。 Is it fine to send password this way? 这样发送密码可以吗? Should I encrypt it somehow? 我应该以某种方式对其进行加密吗?
3 个解决方案
解决方案1
1 已采纳 2012-10-22 06:24:31
the way to do this, you should encode your details by using base64_encode function and pass it through "GET" params. 为此,您应该使用base64_encode函数对详细信息进行编码,然后将其传递给“ GET”参数。
Additionally, you may add something to mixed up the password. 此外,您可以添加一些内容以混淆密码。 So this will depends on how you want to display and pass your log in credentials. 因此,这取决于您要如何显示和传递登录凭据。
*Note: for mobile, I think it can't use encrypt function like bcrypt in PHP. *注意:对于移动设备,我认为它不能使用PHP中的bcrypt之类的加密功能。
Hope this helps! 希望这可以帮助!
解决方案2
0 2012-10-22 05:33:57
I do not think it is possible for you to send your device user's credentials through HTTP GET. 我认为您不可能通过HTTP GET发送设备用户的凭据。 If you could go through GET though with some weird method of coding it wont be secure unless it is encryped and SSL is recommended. 如果您可以使用一些怪异的编码方法来进行GET操作,那么除非加密并建议使用SSL,否则它不会很安全。 However it is very possible through HTTP POST and it can be encrypted as well. 但是,通过HTTP POST很有可能,并且也可以对其进行加密。 You should be using SSL for the POST. 您应该将SSL用于POST。 Here is some sample code if you need a reference. 如果需要参考,下面是一些示例代码。
case R.id.login_login_but:
Toast.makeText(this, "Logging in...", Toast.LENGTH_SHORT).show();
ArrayList<NameValuePair> postLogin = new ArrayList<NameValuePair>();
postLogin.add(new BasicNameValuePair("post_user", "User"));
postLogin.add(new BasicNameValuePair("post_pass", "Pass));
try {
String response = null;
response = CustomHttpClient.executeHttpPost(
"http://giveaway.synamegames.com/appfiles/login.php", postLogin);
String res = response.toString();
res = res.replaceAll("\\s+", "");
if (res.equals(1)) {
// logged in
} else {
// incorrect user or password
}
} catch (Exception e) {
Toast.makeText(this, "Server timeout please try again later. You must have internet.", Toast.LENGTH_SHORT).show();
}
break;
And the PHP script I used was... 我使用的PHP脚本是...
<?php
$username=$_POST['post_user'];
$password=$_POST['post_pass'];
$user = 'db_user';
$pswd = 'db_password';
$db = 'db_name';
$server = 'www.domain.com';
$conn = mysql_connect($server, $user, $pswd);
mysql_select_db($db, $conn);
$query=mysql_query("SELECT * FROM users WHERE pass =('$password') AND user = $username")or die(mysql_error());
if(mysql_num_rows($query)==1) {
echo 1;
} else {
echo 0;
}
mysql_close($conn);
?>
解决方案3
0 2012-10-22 06:25:51
You may have to do both encrypting and sending a POST request. 您可能必须同时加密和发送POST请求。 If your signing in process is available as an API, you can use WebRESTClient to do the same.. 如果您的登录过程可以作为API使用,则可以使用WebRESTClient进行相同的操作。
Also, You can do simple hashing like 另外,您可以进行简单的哈希运算
MessageDigest md5Hash = MessageDigest.getInstance("MD5");
mDigest = md5Hash.digest(password.getBytes());
String hashedMessage = new String(Hex.encodeHex(mDigest));
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.