简体繁体中英

How to make sure only my app can insert data into the DB?

原文 2015-08-10 12:49:17 3 1 php/ ios/ mysql/ api/ oauth-2.0

The problem

I am developing the back-end for a iOS app. One of the endpoint allows the app to insert data into the database, eg register-user.php .

The app calls the API with certain parameters (eg, username and password), the server performs certain operations (eg, salt and hash the password) and then store everything on the database.

The question

How can I make sure only the app can actually call the API and insert data into the database?

I looked into SSL certificates and OAuth2 but they don't seem to apply here (unless I profoundly misunderstood them).

1 answers

Pass some token or auth/pwd to the api. Not the user's password, another pass that you keep on your app. Also HTTPS is needed to avoid sniffing.

Is this a test question? You're the second person to ask the same, and both of you seem to dislike TLS/SSL for some unknown reason.

How do I make sure the rapidly changing data from my MySQL DB is accurately represented in php scripts?

How to make sure no scripts except those under my own domain, can include the db connection file?

How can I make sure PHP json_encode will encode whatever data I read from the db?

How can I make sure that my PHP api can only be used by a specific javascript page

How can I make sure only my phonegapp ajax posts will be executed by php

Mobile App: users writing to DB how to be sure they can(authentication)?

How to make sure my PHP app wont be distibuted?

How to make sure users can only vote once per post

how can I make sure that the origin of the request to my server is legit?

How can I make sure that a user visits a page of my site only if he's redirected from a specific function?

暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How do I make sure the rapidly changing data from my MySQL DB is accurately represented in php scripts? How to make sure no scripts except those under my own domain, can include the db connection file? How can I make sure PHP json_encode will encode whatever data I read from the db? How can I make sure that my PHP api can only be used by a specific javascript page How can I make sure only my phonegapp ajax posts will be executed by php Mobile App: users writing to DB how to be sure they can(authentication)? How to make sure my PHP app wont be distibuted? How to make sure users can only vote once per post how can I make sure that the origin of the request to my server is legit? How can I make sure that a user visits a page of my site only if he's redirected from a specific function?

Related Tags

How to make sure only my app can insert data into the DB?

Question

1 answers

solution1 0 2015-08-10 13:01:35

solution1
0 2015-08-10 13:01:35