[英]How to secure a geolocation web service?
I'm currently developing a mobile app using Sencha Touch 2 and Phonegap.我目前正在使用 Sencha Touch 2 和 Phonegap 开发移动应用程序。 It's a game where you can "check-in" at some places and get some points every time you do a successful one (as in Foursquare).
这是一款您可以在某些地方“签到”并在每次成功时获得一些积分的游戏(如在 Foursquare 中)。
I'd like to make it impossible for a clever guy (for example, someone that has decompiled my apk) to execute the REST web service (for example, mywebservice/checkin?access_token=abcde&latitude=12345&longitude=6789) with his computer or any other device outside of the app.我想让一个聪明的人(例如,反编译我的 apk 的人)无法使用他的计算机或任何应用程序之外的其他设备。
Do you have any idea of how I could achieve this ?你知道我如何实现这一目标吗?
Thanks a lot,非常感谢,
In absolute terms, what you are looking for is impossible - if the app on the device contains the key and code necessary to send a valid message, and the device allows the user to decompile apps, then anyone can theoretically reverse engineer it and send whatever messages they want.从绝对意义上讲,您要寻找的东西是不可能的——如果设备上的应用程序包含发送有效消息所需的密钥和代码,并且设备允许用户反编译应用程序,那么理论上任何人都可以对其进行逆向工程并发送任何内容他们想要的消息。
In practical terms though, it isn't worth worrying about - nobody will put that much effort into it, and you can probably detect accounts with suspicious activity fairly easily.但实际上,这并不值得担心 - 没有人会为此付出太多努力,而且您可能很容易检测到有可疑活动的帐户。 Just use https and a simple token from the app code to stop anyone who can see the network activity but won't go as far as digging into the app code.
只需使用 https 和应用程序代码中的简单令牌即可阻止任何可以看到网络活动但不会深入研究应用程序代码的人。
Couple options (depending on your exact scenario):几个选项(取决于您的具体情况):
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.