I have a RESTFull server and an Android client for it. The server has

Question

0

Asked: June 4, 20262026-06-04T15:06:24+00:00 2026-06-04T15:06:24+00:00

I have a RESTFull server and an Android client for it. The server has

0

I have a RESTFull server and an Android client for it. The server has some methods that return data to HTTP calls of the client. One of the methods in the client code is the one shown below which I used to authenticate the customer.

        HttpClient httpclient = new DefaultHttpClient();
        HttpGet request = new HttpGet(
                "http://localhost:8080/myapp/customer/login/cUser/cpwd");

        request.addHeader("Accept", "text/plain");
        HttpResponse response = httpclient.execute(request);
        HttpEntity entity = response.getEntity();
        InputStream instream = entity.getContent();
        String msg = read(instream);


 if(msg.equals("success"){ // if customer logged in successfully
     //do something
 }

The Server side code uses part of the above uri as username and password and do the authentication. In my opinion, it is easy for someone to get access to these data and use it however he/she like. Is there a better way of doing this?

Thanks in advance

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-04T15:06:25+00:00

Editorial Team

2026-06-04T15:06:25+00:00Added an answer on June 4, 2026 at 3:06 pm

In a RESTfull service you have to use HTTP/1.1 auth headers, for example:

request.addHeader("Authorization", "auth string");

Auth string can be basic authentification string: base64_encode(login+":"+password) or OAuth2 auth token etc.

P.S. Ou bien use SSL connections, as Brian Kelly said.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have a RESTFull server and an Android client for it. The server has

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply