I’m building an Android cloud app that asks the user to authenticate himself on a remote PHP/MySQL server. As for now, I’m using a basic HTTP POST request to do so. I understand this is dangerous, since anyone can sniff the communication and steal the credentials. Is there any other solution than to use HTTPS/SSL to solve this?
If I have to use SSL, is there a session management library I can use as to not need to resend the user credentials over SSL each time the user contacts the server?
Keep in mind that even if you get a secure authentication all the other stuff will still be vulnerable to sniffing. HTML files are sent back in plain text, which may contain sensitive information. SSL is made specifically for this job.
You don’t need to resend the credentials, SSL is fairly transparent “plug and play”.
Use the PHPSESSID (default for session_start()) to keep track of the user.
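As an added example (not code from the question or the answer), here is what the answer's suggestion looks like on the PHP side: a single endpoint that accepts the credentials once over HTTPS, then relies on the PHPSESSID cookie from session_start() for every later request. It assumes PHP 7.3 or newer, that the script is only reachable over HTTPS, and a user table constructed inline for the demo (the username, password and action names are hypothetical; a real app would fetch the stored password_hash() value from MySQL instead).

```php
<?php
// Added example, not from the original post. Assumes PHP >= 7.3 and that the
// script is served only over HTTPS. The user table below is constructed for
// the demo; a real app would look the stored hash up in MySQL (e.g. via PDO).

// Refuse to run over plain HTTP: the session cookie would be as sniffable
// as the credentials were.
if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') {
    http_response_code(403);
    exit('HTTPS required');
}

// Harden the PHPSESSID cookie before session_start():
//  - secure:   the browser/client never sends it over plain HTTP
//  - httponly: not readable from script (harmless for a native client)
//  - samesite: not attached to cross-site requests
// use_strict_mode makes PHP reject session IDs it did not generate itself.
ini_set('session.use_strict_mode', '1');
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Strict',
]);
session_start();

// Constructed demo user table: username => password_hash() output.
// Hypothetical credentials; in production the hash is stored, not computed here.
$users = [
    'alice' => password_hash('correct horse battery staple', PASSWORD_DEFAULT),
];

header('Content-Type: application/json');
$action = $_GET['action'] ?? '';

if ($action === 'login' && $_SERVER['REQUEST_METHOD'] === 'POST') {
    $user = $_POST['username'] ?? '';
    $pass = $_POST['password'] ?? '';
    // password_verify() is constant-time; verify against a dummy hash for
    // unknown usernames so response timing does not reveal which names exist.
    $hash = $users[$user] ?? password_hash('dummy', PASSWORD_DEFAULT);
    if (!isset($users[$user]) || !password_verify($pass, $hash)) {
        http_response_code(401);
        echo json_encode(['error' => 'invalid credentials']);
        exit;
    }
    // Issue a fresh session ID on login so a session fixed by an attacker
    // before authentication does not become authenticated.
    session_regenerate_id(true);
    $_SESSION['user']       = $user;
    $_SESSION['login_time'] = time();
    echo json_encode(['ok' => true]);
    exit;
}

if ($action === 'whoami') {
    // Any later request is authenticated by the cookie alone; no credentials.
    if (empty($_SESSION['user'])) {
        http_response_code(401);
        echo json_encode(['error' => 'not authenticated']);
        exit;
    }
    echo json_encode(['user' => $_SESSION['user']]);
    exit;
}

if ($action === 'logout') {
    $_SESSION = [];
    session_destroy();
    echo json_encode(['ok' => true]);
    exit;
}

http_response_code(404);
echo json_encode(['error' => 'unknown action']);
```

The client POSTs `username` and `password` to `?action=login` once, stores the `PHPSESSID` cookie from the response (on Android, any HTTP client with a cookie store will do this for you), and sends only that cookie on later calls such as `?action=whoami`. Because the cookie is marked `secure` and the script refuses plain HTTP, neither the credentials nor the session ID ever travel unencrypted; `session_regenerate_id(true)` at login and `session.use_strict_mode` close the usual session-fixation hole that would otherwise let an attacker pre-plant a session ID.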