I think this is a little hard to explain. Basically, I have an android app which connects to a web app. I want requests that I make from the web app, to not be made anywhere else. I am using PHP, by the way. So if for say, I make a request from an android app called “send_data.php?foo=bar”, I want that request to not work, unless its indeed sent from the android app alone. So I cant just go to my browser and type “send_data.php?foo=bar” and it will work.
I have thought of one way, and that is to have a secret value in my request like “pw=12345”, and then in the PHP script, have if($pw = "12345"), but then I figured someone could packet sniff their phone and easily get that secret value. Is there any way possible I can accomplish this?
Qasim,
One way you could do it is to use a post instead of a get variable and then access the link as an SSL link. Doing so would make sure that the posted information is encrypted. If you can’t do that you could do like I did. I encrypted the data that I am sending to the phone on the server. It stays encrypted on the phone and is only decrypted when it is used in the app. This way it doesn’t matter if someone sniffs my connection and gets the data. It’s all but useless. Hope this helps.