确定请求是否来自iPhone应用程序 [英] Determining if a request came from an iPhone app
问题描述
我读了一点公钥加密,但我不要以为它会奏效如果我在我的头文件中发送了一些秘密散列词来验证它,那么外部方法是否只能在这些请求中使用相同的标题?
可以使用校验和。假设你有这样的东西:
date
subject
并通过使用计算校验和,让我们说MD5(date +string +主题),
,您在服务器上以相同的方式计算MD5。如果他们匹配,他们来自移动客户端。
这将有效,直到有人计算出您的算法。
I have an iPhone app that communicates with a server (both of which I own and wrote the code for). I need to way to determine if a request on my server came from an iPhone (or any mobile device running the app I wrote for that matter). Basically, I only want to allow apps that I wrote to communicate with the server and need a way to verify that. Since I'm writing the apps, I can modify the headers and what not any way I need to.
I read up a little on Public Key Encryption, but I don't think it'd work. If I sent some sort of secret hashed word in my headers to verify it, couldn't some outside party simply get those headers and use the same ones in their request?
You can use a checksum. Let's say that you have something like: date subject
and calculate the checksum by using, let's say MD5 of (date + "string" + subject), and you calculate the MD5 in the very same way on the server. If they match, they are from the mobile client.
This will work until someone figures out your algorithm.
这篇关于确定请求是否来自iPhone应用程序的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!