I’m diving into web development and I’ve built a few basic Rails apps, but now I’d like to begin learning how to securely connect my iOS apps with my Rails apps. For example, if I want my iOS app to query my Rails webapp for some data from the DB by passing parameters in the URL…
http://mywebapp/mycontroller/search?q=keyword
…what are some common web development methods I can use to prevent anything (or anyone) other than my iOS app from successfully executing that search query?
I’m sure this type of forgery that I’m trying to prevent has a formal name, but I’m very new to web development and I’m still learning all the jargon. Thanks so much for your wisdom!
You could create a hash and use it as a token which would be passed with each call to identify your application (hard-coded value in the app) and the session (current IP address of the client). So: hard_coded_value + ip_address -> MD5/SHA1 (whichever) = token. Your server would also have a copy of the hard-coded value as well as the calling client’s IP address, perform the same hashing function and compare the results. If they match, it’s your app. If not, then it isn’t.
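The server-side check this answer describes, as an added Ruby example that is not part of the original post. It swaps the plain MD5/SHA1 concatenation for HMAC-SHA256 and compares in constant time; `APP_SECRET`, `app_token`, `secure_equal?` and `request_from_app?` are hypothetical names, and the secret and IP addresses are constructed sample values.

```ruby
require 'openssl'

# Constructed sample value (assumption): stands in for the value hard coded
# into the iOS app and also stored on the server.
APP_SECRET = 'constructed-sample-secret'

# Token binding the shared value to the client's IP address.
# HMAC-SHA256 is used here instead of hashing "secret + ip" with MD5/SHA1.
def app_token(secret, ip_address)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), secret, ip_address)
end

# Constant-time string comparison, so response timing does not reveal
# how much of a presented token was correct.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Server side: recompute the token from the IP address the server sees
# and compare it with the token sent along with the request.
def request_from_app?(presented_token, remote_ip, secret = APP_SECRET)
  return false if presented_token.nil? || presented_token.empty?
  secure_equal?(app_token(secret, remote_ip), presented_token)
end

if __FILE__ == $PROGRAM_NAME
  server_sees = '203.0.113.7' # constructed: public address of the client

  # The client computed the token over the same address the server sees.
  good = app_token(APP_SECRET, server_sees)
  puts "matching ip:   #{request_from_app?(good, server_sees)}"

  # The client sits behind NAT and hashed its private address, so the
  # server's recomputation over the public address does not match.
  natted = app_token(APP_SECRET, '10.0.0.5')
  puts "nat mismatch:  #{request_from_app?(natted, server_sees)}"

  # No token at all, as from a caller that is not the app.
  puts "missing token: #{request_from_app?(nil, server_sees)}"
end
```

In a Rails controller the `remote_ip` argument would come from `request.remote_ip`. A value hard coded into the app can be recovered from the app binary, so the check identifies whoever holds that value rather than the app itself.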