帐户注册最佳实践/唱起来/认证在移动应用程序 [英] Best practices for account registration/singing up/authenticating in mobile app
问题描述
我写的移动应用程序。我也有Web服务器,即处理HTTP请求来启动用户注册,并添加用户/密码数据库。但我不希望发送的用户密码,因为安全的POST请求的参数。现在,在我的本地机器上它完美的作品,但在互联网上这将是不安全的。还有一点很容易DDoS攻击该Web服务器。
所以我的问题是:
- 如何组织报名过程中的Android应用程序?
- 如何通常是手机应用程序句柄注册程序?
- 我怎样才能安全地发送用户的密码?
- 如何安全地存储用户密码的移动应用,特别是里面的Android应用程序
1使用账号注册使用的是客户经理的最好方法。
2 - 通常你有一定的道理,以保持用户登录,当用户访问它,你更新它。
3使用HTTPS
4-你不,使用代币。
有一个伟大的教程,你可以遵循:<一href="http://udinic.word$p$pss.com/2013/04/24/write-your-own-android-authenticator/">http://udinic.word$p$pss.com/2013/04/24/write-your-own-android-authenticator/
I'm writing mobile application. I also have web server, that handle http requests to start user registration, and add user/password to database. But I do not want to send users password as a parameter of POST request because of security. Now on my local machine it works perfectly, but on the internet it would be insecure. Also it is easy to DDoS this web server.
So my questions is:
- How can I organize sign up process in Android app?
- How does usually mobile application handle registration process?
- How can I securely send users password?
- How can I securely store users password in mobile application, especially inside Android Application
1- The best way to use account registration is using the Account Manager.
2- Usually you have some token to keep the user logged and when user access it you renew it.
3- Use https
4- You dont, use tokens.
There is a great tutorial that you can follow: http://udinic.wordpress.com/2013/04/24/write-your-own-android-authenticator/
这篇关于帐户注册最佳实践/唱起来/认证在移动应用程序的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!