Geek Answers Handbook

Definition of request from iPhone application

I have an iPhone app that communicates with the server (both of which I own and wrote code for). I need to determine if the request on my server was received from the iPhone (or any mobile device on which I wrote the application that I wrote in this regard). Basically, I just want to allow the applications that I wrote to communicate with the server, and you need a way to verify this. Since I am writing applications, I can change the headers and what I do not need.

I read a little about public key encryption, but I don't think this will work. If I sent some secret hashed word in my headers to check it, could some third-party participants just get these headers and use them in my request?

0
source share
3 answers

You can use the checksum. Let's say you have something like: Date Title

and calculate the checksum using, say, MD5 (date + "string" + subject), and you calculate MD5 in the same way on the server. If they match, they are associated with the mobile client.

This will work until someone finds out your algorithm.

+1
source

Perhaps your server will send a message to your application containing a random code. This message and code changes every time it is sent.

Then your application runs some kind of algorithm in this message to โ€œencryptโ€ it and send it back to the server, and then the server can check it. Thus, there is nothing to intercept and use without knowing its "encryption".

Of course, they can intercept the message from each direction, and then develop their own algorithm, but if you make it complicated enough, it will be a little.

0
source

You can simply use default HTTP authentication if you do not need something more secure.

0
source

More articles:


All Articles