iPhone: how to transfer data from a device to a server safely?

Can someone please help me? I'm a newbie and have not done this before. I have an iPhone app that has a "cart" object. After the user has made his choice, I want to send this information to an XML file on the server. I read that iPhone libraries make it easy to convert data to XML. But from what I understand, the data should be stored in an array or dictionary. Is that true? For example, my "Recycle Bin" is an object that uses an array to store data inside, but the "cart" itself has variables that are not stored in the array or dictionary.

Q) How can I convert the entire basket to something that can be transferred as XML to my server?

In addition, I ask customers to create a profile for each order, but this will be done by launching UIWebview directly on the Internet through an https connection. Therefore, credit card information will not be displayed on the device.

Q) What is the best way to connect the profile on the network and the order that is on the device?

Can someone who has run into this problem give me tips or links?

thanks

+4
3 answers

Part one: create a dictionary representing the basket. For each variable, add a key with its variable name as a key and the value of the basket object for this variable as an object for this key.

Part two: this is a very open question :-). It depends on how you identify the user from both ends; although, of course, this will depend on your security requirements. One option is to require your user to log in through the website the first time you start the device, and then save your user ID in the application on a specific device (preferably in a confidential manner). Do not use this for any reason other than keeping track of the user you think is on the device: repeat the authentication before each purchase or other important actions, such as viewing or changing account information. By the way, depending on how your ordering system works, you may prefer (or be required by Apple) to implement an in-app purchase. In fact, this will take up most of the complexity, due to Apple's handling fees of 30%.

If you have specific questions about the security problems of such a system, you would do well to ask them at security.stackexchange.com (I am one of the pro tem moderators there).

+2
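Added example, not part of the answer above: one way to apply part one, building a dictionary from a cart object and serializing it as an XML property list with `NSPropertyListSerialization`, then placing it in the body of an HTTPS POST. The `Cart` class, its property names and the `shop.example.com` URL are assumptions made for illustration.

```objective-c
#import <Foundation/Foundation.h>

// Hypothetical cart model: two scalar properties plus an array of line items.
@interface Cart : NSObject
@property (nonatomic, copy) NSString *currency;
@property (nonatomic, copy) NSString *couponCode;
@property (nonatomic, strong) NSMutableArray *items; // one NSDictionary per line item
- (NSDictionary *)dictionaryRepresentation;
@end

@implementation Cart
- (NSDictionary *)dictionaryRepresentation {
    // One key per instance variable. The items array nests as-is because it holds
    // only property-list types; nil values are replaced so the literal cannot throw.
    return @{ @"currency"   : self.currency ?: @"",
              @"couponCode" : self.couponCode ?: @"",
              @"items"      : [self.items copy] ?: @[] };
}
@end

// Serialize the dictionary as an XML property list; returns nil and sets *error on failure.
static NSData *CartXMLData(Cart *cart, NSError **error) {
    return [NSPropertyListSerialization dataWithPropertyList:[cart dictionaryRepresentation]
        format:NSPropertyListXMLFormat_v1_0 options:0 error:error];
}

// Build a POST that carries the XML in the request body over HTTPS.
static NSURLRequest *CartUploadRequest(NSData *xml) {
    NSURL *url = [NSURL URLWithString:@"https://shop.example.com/orders"]; // placeholder URL
    NSMutableURLRequest *req = [NSMutableURLRequest requestWithURL:url];
    req.HTTPMethod = @"POST";
    req.HTTPBody = xml;
    [req setValue:@"application/xml" forHTTPHeaderField:@"Content-Type"];
    return req;
}

int main(void) {
    @autoreleasepool {
        Cart *cart = [Cart new];
        cart.currency = @"USD";
        cart.items = [@[ @{ @"sku": @"A-100", @"qty": @2 } ] mutableCopy]; // constructed sample
        NSError *err = nil;
        NSData *xml = CartXMLData(cart, &err);
        if (!xml) { NSLog(@"serialization failed: %@", err); return 1; }
        NSLog(@"%@", [[NSString alloc] initWithData:xml encoding:NSUTF8StringEncoding]);
        NSLog(@"POST to %@", CartUploadRequest(xml).URL);
    }
    return 0;
}
```

Serialization fails with an error if any nested value is not a property-list type (for example a custom item object), so custom item classes need their own dictionary representation first.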

Securely send your data using SSL.

Converting the cart to XML can be done using the XML Framework / lib, but you will have to write code for this. For example, touchXML:

TouchXML is an easy replacement for the Cocoa NSXML* class cluster. It is based on the open source libxml2 library.

Here is a good tutorial.

The source has moved a bit, can be found here

To your second question: It is difficult and can become hoarse. However, if you do not want to switch to an API based on login / account creation, I have these ideas.

Check the "result" of the webView with the UIWebViewDelegate protocol using the webViewDidFinishLoad: method. The "result" may be: successful account creation or successful login.

In this way, you can access the body of the page using the NSURLRequest property of the web view. Or use something like this using javascript:

 NSString *html = [webView stringByEvaluatingJavaScriptFromString: @"document.body.innerHTML"]; 

You will have to do parsing, although look for something, such as a marker, with which you can contact the order for a final check.

You could also create a unique order line on the device in the first place and first send it to enter / create a profile in order to slightly increase security and submit it for verification.

+3
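Added example, not part of the answer above: a sketch of its last two ideas, generating a unique order token on the device, passing it to the hosted profile page, and accepting the page's marker only when it comes from the expected HTTPS host and echoes that token. The host `shop.example.com`, the `order` query parameter and the `order-marker` element id are assumptions.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

static NSString *const kShopHost = @"shop.example.com"; // placeholder host

// 128-bit random order token, hex-encoded; nil if the system RNG fails.
static NSString *NewOrderToken(void) {
    uint8_t bytes[16];
    if (SecRandomCopyBytes(kSecRandomDefault, sizeof bytes, bytes) != errSecSuccess) return nil;
    NSMutableString *hex = [NSMutableString stringWithCapacity:sizeof bytes * 2];
    for (size_t i = 0; i < sizeof bytes; i++) [hex appendFormat:@"%02x", bytes[i]];
    return hex;
}

// URL to load in the web view: the hosted profile page plus the device's token.
static NSURL *ProfileURLForToken(NSString *token) {
    NSURLComponents *c = [NSURLComponents new];
    c.scheme = @"https";
    c.host = kShopHost;
    c.path = @"/profile";
    c.queryItems = @[[NSURLQueryItem queryItemWithName:@"order" value:token]];
    return c.URL;
}

// Trust the marker only from the expected HTTPS host, and only if it echoes our token.
static BOOL MarkerConfirmsOrder(NSURL *pageURL, NSString *marker, NSString *token) {
    if (![pageURL.scheme isEqualToString:@"https"]) return NO;
    if (![pageURL.host isEqualToString:kShopHost]) return NO;
    return token.length > 0 && [marker isEqualToString:token];
}

// In webViewDidFinishLoad:, read one element instead of parsing the whole body:
//   NSString *marker = [webView stringByEvaluatingJavaScriptFromString:
//       @"(document.getElementById('order-marker')||{}).textContent||''"];
//   if (MarkerConfirmsOrder(webView.request.URL, marker, self.orderToken)) { /* submit order */ }

int main(void) {
    @autoreleasepool {
        NSString *token = NewOrderToken();
        if (!token) return 1;
        NSURL *page = ProfileURLForToken(token);
        NSLog(@"load in web view: %@", page);
        // Constructed checks: same token on the right host passes, a plain-http page does not.
        NSLog(@"match=%d", MarkerConfirmsOrder(page, token, token));
        NSURL *plain = [NSURL URLWithString:@"http://shop.example.com/profile"];
        NSLog(@"http=%d", MarkerConfirmsOrder(plain, token, token));
    }
    return 0;
}
```

The on-device check only decides when the app proceeds; the server still has to bind the token to the authenticated profile and reject an order whose token it has not seen.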

If you send the encrypted string to the URL, as in the code below, process it on the ASPX page (.NET example) or you can use other languages on the server side. Then, for security, simply ignore anything that is not decrypted (basic encryption-decryption not shown).

    // Send the (already encrypted) string to the server page as a query parameter.
    NSMutableURLRequest *request = [[NSMutableURLRequest alloc] initWithURL:
        [NSURL URLWithString:@"http://myazuresite.azurewebsites.net/test3.aspx?bigstring=dgrbthymgk"]];
    [request setHTTPMethod:@"POST"];
    [NSURLConnection connectionWithRequest:request delegate:self];

Then on the page http://myazuresite.azurewebsites.net/test3.aspx :

    <%@ Page Language="C#" %>
    <html>
    <head>
    <title>Query Strings in ASP.NET: Page 2</title>
    <script language="C#" runat="server">
    </script>
    </head>
    <body>
    <%
        // Retrieve the query string value sent by the app.
        string bigstring = Page.Request.QueryString["bigstring"];
        System.Data.SqlClient.SqlConnection sqlConnection1 = new System.Data.SqlClient.SqlConnection("Data Source=myazuresite.database.windows.net;Initial Catalog=db_name;Integrated Security=False;Persist Security info=False;User ID=your_id;Password=your_Password");
        System.Data.SqlClient.SqlCommand cmd = new System.Data.SqlClient.SqlCommand();
        cmd.CommandType = System.Data.CommandType.Text;
        // Bind the value as a parameter instead of concatenating it into the SQL text.
        cmd.CommandText = "INSERT Scores (col1) VALUES (@bigstring)";
        cmd.Parameters.AddWithValue("@bigstring", (object)bigstring ?? System.DBNull.Value);
        cmd.Connection = sqlConnection1;
        sqlConnection1.Open();
        cmd.ExecuteNonQuery();
        sqlConnection1.Close();
    %>
    </body>
    </html>

I handle decryption in an insert trigger in SQL Server, ignoring invalid URLs, and it is VERY safe. I use encryption, which in some way includes time.

-2