I am developing one application for Android and I am creating a php based web service to retrieve information from a database.
The fact is, I really don't know how to protect this service.
For example, if my android application needs to get some information from the server, it calls http://mywebservice.com/service.php and it will send several POST parameters as a user and password for logging in or something like, for example, one user ID to retrieve his data.
Of course, anyone with sufficient knowledge will also be able to obtain this data. And this is what I do not want.
Anyone who knows the options for sending to my server will be able to extract information from it.
How can I protect this?
I read about OAuth, OAuth2, two-legged and three-voice implementations, https ..
But at the moment, I really don't know how to provide this.
I want the web service to respond only to my application and not to someone else.
PS: There is even something like http://myservice.com/get_information.php that you send the identifier and you can get a lot of information. Of course, I control this in my application, only registered and authorized people can do this, but this is a problem. What is the best way to do such things?
source
share