I have an app which connects to xml generated by server. I would like to know how can i secure the connection between the app and the server to avoid the one will spoof the url of xml source and use it outside of the app.
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I have an app which connects to xml generated by server. I would like to know how can i secure the connection between the app and the server to avoid the one will spoof the url of xml source and use it outside of the app.
The use of XML is arbitrary, you are just transmitting data structures between the client and the server and the same security concerns are present. In the context of XML based protocols you have to worry about xml injection.
In general you can never trust the client, the remote API you provide will always be accessible to the attacker. If you try to enforce such rules on the client you’ll violate CWE-602: Client-Side Enforcement of Server-Side Security.