This is an odd one. I developed a simple iPhone application for management at my company to check real time sales statistics. The first hurdle was figuring out how to get the app to communicate with our old MSSQL 2005 server. After some research it seemed like the fastest way to do it was to create a basic ASP page that would spit out query results with response.write() calls. This works pretty well actually- but the ASP page that returns the results is open to the entire world. The only ‘security’ mechanism I’ve got on it isn’t really one at all- changing the HTTP port on the server side.

So my question is- what are best practices for this? What would work between ASP and Objective-C? I’ve read up on some basic challenge-response, encryption, and the like, but it seems like overkill for a simple string of generally unintelligible sales numbers. As the app develops into something more complex however, I’d like this problem solved before the asp starts sending back more sensitive data.

Here is my connection to server code, if it helps. The constant is just there so I can append POST data to it to get to different stats based on what I want from the app. The logic for this is elsewhere and not really important.

NSString * const appDataUrl = @"http://{the url for the asp page}";

//Don't ask me how this works. Google FTW...
-(NSString *) pullData:(NSString *) url {
    NSError * error = nil;
    NSURLResponse * response = nil;
    NSData * downloadedData = 
        [NSURLConnection sendSynchronousRequest:
         [NSURLRequest requestWithURL:
          [NSURL URLWithString:url]] returningResponse:&response error:&error];
    NSString *strData = [[NSString alloc]initWithData:downloadedData encoding:NSUTF8StringEncoding];
    return strData;
}

Thanks guys.