I’ve built an app that sends a JSON array via POST in an HTTP request from Android to a PHP server.
My question is how to make this secure?
How can I do authentication in a secure way on the server side?
Is sending the data over an SSL connection enough? Or should I encrypt it with RSA or something?
It depends on what you are trying to protect. SSL will prevent anyone from listening in on the communications, so you don't need to add other encryption on top.
If you want to protect the web service itself from unauthorized use, then you need users to register and send the username & password (or better, a password hash) to connect. You can then either use the password for every request or generate a key which will be sent with every request to authenticate the user.
The IMEI idea is not too great, since you would first need to get everyone’s IMEI somehow, which is a huge pain if you have more than 1 or 2 users, and even then this is forgeable, as your Android app can be taken apart and made to serve any IMEI.
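The "generate a key which will be sent with every request" option from the answer above, sketched for the PHP side as an added example (not code from the original posts). It assumes the app talks to the server over HTTPS and sends the key in an `Authorization: Bearer` header; the function names, the in-memory arrays and the one-hour lifetime are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed demo storage; a real service would keep these in database tables.
$users = [];   // username => password hash
$tokens = [];  // sha256(key) => ['user' => ..., 'expires' => ...]
const TOKEN_TTL = 3600; // assumed key lifetime in seconds

function register_user(array &$users, string $username, string $password): void
{
    // password_hash() salts and stretches the password before it is stored.
    $users[$username] = password_hash($password, PASSWORD_DEFAULT);
}

function login(array $users, array &$tokens, string $username, string $password, int $now): ?string
{
    $hash = $users[$username] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        return null;
    }
    $key = bin2hex(random_bytes(32)); // 256-bit random key returned to the app
    // Store only a digest, so a leaked table does not yield usable keys.
    $tokens[hash('sha256', $key)] = ['user' => $username, 'expires' => $now + TOKEN_TTL];
    return $key;
}

function authenticate_request(array &$tokens, ?string $header, int $now): ?string
{
    // Expect "Bearer <64 hex chars>"; reject anything else before touching storage.
    if ($header === null || !preg_match('/^Bearer ([0-9a-f]{64})\z/', $header, $m)) {
        return null;
    }
    $digest = hash('sha256', $m[1]);
    $entry = $tokens[$digest] ?? null;
    if ($entry === null) {
        return null;
    }
    if ($entry['expires'] <= $now) {
        unset($tokens[$digest]); // expired keys are removed on first use
        return null;
    }
    return $entry['user'];
}

// Demo with constructed credentials: valid key, unknown key, expired key.
register_user($users, 'alice', 'correct horse battery staple');
$key = login($users, $tokens, 'alice', 'correct horse battery staple', time());
var_dump(authenticate_request($tokens, "Bearer $key", time()));
var_dump(authenticate_request($tokens, 'Bearer ' . str_repeat('0', 64), time()));
var_dump(authenticate_request($tokens, "Bearer $key", time() + TOKEN_TTL + 1));
```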