
How can I prevent anything other than my iPhone app from communicating with my Rails webapp?

I'm diving into web development and I've built a few basic Rails apps, but now I'd like to begin learning how to securely connect my iOS apps with my Rails apps. For example, if I want my iOS app to query my Rails webapp for some data from the DB by passing parameters in the URL...

http://mywebapp/mycontroller/search?q=keyword

...what are some common web development methods I can use to prevent anything (or anyone) other than my iOS app from successfully executing that search query?

I'm sure this type of forgery that I'm trying to prevent has a formal name, but I'm very new to web development and I'm still learning all the jargon. Thanks so much for your wisdom!

Use the trick that Rails uses in the protect_from_forgery by generating a unique key for your iPhone app. Then ensure that your app passes that key in the requests to the server. You can then write a before_filter to ensure that the request possesses the key. If it does, then you process the request. If it does not, then you return an error with a custom message explaining why they can't have access.

You could create a hash and use it as a token which would be passed with each call to identify your application (hard coded value in the app) and the session (current IP address of the client). So: hard_coded_value + ip_address -> MD5/SHA1 (whichever) = token. Your server would also have a copy of the hard coded value as well as the calling client's IP address, perform the same hashing function and compare the results. If they match, it's your app. If not, then it isn't.
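The server-side check described in the answers above, as an added example that is not code from the original posts: it swaps the plain MD5/SHA1 concatenation for HMAC-SHA256 and compares in constant time. The `AppToken` module, the `token` parameter name and the secret value are assumptions made for illustration. Because the value ships inside the app, the check identifies an app build rather than proving where a request originated.

```ruby
require "openssl"

# Constructed sample value (assumption); a deployment would load its own
# secret from configuration rather than from source code.
APP_SHARED_SECRET = "constructed-demo-secret"

# Hypothetical helper module, not part of Rails.
module AppToken
  module_function

  # Token the client is expected to send: HMAC-SHA256 keyed with the
  # shared secret over the IP address the server sees for the client.
  def expected_for(ip, secret = APP_SHARED_SECRET)
    OpenSSL::HMAC.hexdigest("SHA256", secret, ip.to_s)
  end

  # Constant-time comparison: every byte is examined, so response timing
  # does not reveal how much of a guessed token was correct.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  # False for a missing, empty or non-string token, or any mismatch.
  def valid?(presented, ip, secret = APP_SHARED_SECRET)
    return false unless presented.is_a?(String) && !presented.empty?
    secure_equal?(presented, expected_for(ip, secret))
  end

  # The decision a before_filter (before_action in current Rails) would
  # make; returns [http_status, message] instead of rendering.
  def authorize(params, remote_ip)
    if valid?(params["token"], remote_ip)
      [200, "ok"]
    else
      [403, "missing or invalid app token"]
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  ip = "203.0.113.7" # constructed documentation-range address
  token = AppToken.expected_for(ip)
  p AppToken.authorize({ "token" => token }, ip)             # same IP
  p AppToken.authorize({ "token" => token }, "198.51.100.9") # IP changed
  p AppToken.authorize({}, ip)                               # no token
end
```

The second call shows the scheme's operational cost: a client whose address changes (mobile network handover, NAT or proxy) is rejected until it recomputes the token for the address the server now sees.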

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.