Secure / Verified Interoperability from a WP7 Application

I am working on a WP7 application. This WP7 application will interact with some of the web services that I created. I do not want other applications to interact with these web services. The reason is that I do not want them to steal my data. With that in mind, here is what I am doing now:

  • Connect to web services via HTTPS
  • Initial input of my users to the application
  • Transfer user username / password for each interaction with the web service

Currently, I do not see what is stopping the attacker from creating a username and password combination and using this account in my application to interact with my web services. How do I really block this thing?

Thanks!

+5
5 answers

As a start to a more secure system, you should stop storing the password and sending it over the cable with every request (even if you use SSL).

If you must pass it with every request, save the salted password hash and use it instead.

+1

I use a tiered approach to this problem. I recommend thinking creatively and using various methods to verify that requests come from the devices you expect requests from.

Alternatively, if there are any virtues in your scenario, open your API to third-party developers and make this work goals.

+1


DeviceExtendedProperties.GetValue( "DeviceUniqueId" ) ToByte();.


+1

It will also give you the opportunity to cancel the new application identifier in updated versions of the WP7 application if you want to get rid of the old application identifier. In the future, you will also be able to support new applications on different devices or platforms.

0