Hello, I am currently developing an iOS application.
This application uses a PHP web service to get data (converted to JSON) from MySQL.
Currently it works pretty well.
But the problem is:
What if I want to update or delete a piece of information?
E.g.:
@interface Base : NSManagedObject
@property (nonatomic, retain) NSNumber * id;
@property (nonatomic, retain) NSNumber * latitude;
@property (nonatomic, retain) NSNumber * longitude;
@property (nonatomic, retain) NSString * mail;
...
This class is filled (after an HTTP request, get JSON) …
Problem:
self.mail = @"newmail@mail.com";
How can I update this data in my MySQL database?
- Create another web service and send the data by URL?
http://mywebsite/service/baseClassUpdate.php?id=XX&mail=XXXX
If yes: is it “safe”? Because if someone finds this URL …
It’s definitely not safe to just send the mail update by a plain request.
First of all, those actions should be followed by a password verification, and second, you should add an MD5 hash signature verification to the end and verify that signature on the server…
Also, you should send the password in a one-way hashed format (MD5 or SHA1) and verify the hashed value against what you have in your web server database…
Edit
To reply to your question to this answer
Here is what I would do:
I would do this:
The md5signature should be the MD5 hash value of all parameters (id) (mail) (password) and a secret password, like mySecr3tPass
So if id=12, mail = mymail@mail.com and pass=AERF124F, the signature would be the MD5 hash of 12mymail@mail.comAERF124FmySecr3tPass, which would be 0b9492395c9c1a73a6622cab5a6a4de5
So the request would be:
website/script.php?id=12&mail=mymail@mail.com&password=AERF124F&signature=0b9492395c9c1a73a6622cab5a6a4de5
So in your PHP script you should calculate the MD5 hash of all parameters + the secret passphrase and see if those match.
If they match, the request is valid and you can proceed; if they don’t match, someone is trying to hijack the database, ignore it!
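The server-side check described in the answer above, written out in PHP as an added example (not code from the original post). It also includes an HMAC-SHA256 variant with length-prefixed fields, which is an assumption of this example and goes beyond the answer; the function names are hypothetical and the request is constructed from the answer's sample values.

```php
<?php
// Added example. SECRET and field names follow the answer's sample request.
const SECRET = 'mySecr3tPass';
const FIELDS = ['id', 'mail', 'password'];

// Scheme as described in the answer: MD5 over id . mail . password . secret.
function md5_signature(array $p): string {
    return md5($p['id'] . $p['mail'] . $p['password'] . SECRET);
}

// Assumed variant (not from the answer): HMAC-SHA256 over length-prefixed
// fields, so a byte cannot move from one field to the next unnoticed.
function hmac_signature(array $p): string {
    $msg = '';
    foreach (FIELDS as $k) {
        $msg .= strlen($p[$k]) . ':' . $p[$k];
    }
    return hash_hmac('sha256', $msg, SECRET);
}

// Server side: recompute the signature and compare in constant time.
function verify(array $req, callable $sign): bool {
    foreach (array_merge(FIELDS, ['signature']) as $k) {
        if (!isset($req[$k]) || !is_string($req[$k])) {
            return false; // missing field or array-valued parameter
        }
    }
    return hash_equals($sign($req), $req['signature']);
}

// Constructed sample request using the values from the answer.
$req = ['id' => '12', 'mail' => 'mymail@mail.com', 'password' => 'AERF124F'];

foreach (['md5_signature', 'hmac_signature'] as $scheme) {
    $signed   = $req + ['signature' => $scheme($req)];
    $tampered = ['mail' => 'other@mail.com'] + $signed;
    // Same concatenated bytes, different field boundaries.
    $shifted  = ['id' => '1', 'mail' => '2mymail@mail.com'] + $signed;

    printf("%-15s valid=%s tampered=%s shifted=%s\n", $scheme,
        var_export(verify($signed, $scheme), true),
        var_export(verify($tampered, $scheme), true),
        var_export(verify($shifted, $scheme), true));
}
```

The `shifted` request keeps the same concatenated string while changing which field each byte belongs to, so a plain-concatenation signature still verifies; the length-prefixed variant rejects it.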