从被别人称为保护HTTP请求 [英] Protect HTTP request from being called by others
问题描述
我从中我要上传我的Web服务器上的某些数据到数据库的Android应用程序。作为MySQL的Java库的大小为约5万桶,我不想与应用程序包含它。
所以,我会做出一个PHP脚本HTTP请求,并与URL作为参数发送数据。我如何确保只有我可以打电话吗?我不希望人们嗅出了网址,并把它称为我的应用程序之外。
I have an Android application from which I want to upload some data to a database on my web server. As the MySql java library has a size of about 5 mb, I don't want to include it with the application. So I'll make a HTTP request for a php script and send the data with the URL as parameters. How do I make sure that only I can call this? I don't want people to sniff up the URL and call it outside my application.
感谢
推荐答案
使用一个简单的静态标记来识别客户端是你自己或预支的方式,先用一个用户名/密码进行身份验证,生成令牌,使用此令牌进一步的交易。这种标记可以在一段时间后过期。
Use a simple static token to identify the client is yourself or in an advance way, first authenticate with a username/password, generate a token and use this token for further transactions .This token can expire after some time.
选项1:HTTP:// [您请求的URL]放大器;关键= XYZ
其中xyz是只知道你
option1: http://[your request url]&key=xyz where xyz is known only to you
选项2:使用用户名和密码后,成功验证第一个ping服务器获取动态令牌[DKEY],存储在本地。
然后进一步要求。
HTTP:// [您请求的URL]放大器;关键= DKEY
option 2: first ping server with username password and upon successful validation get a dynamic token [dKey], store it locally. then for further requests. http://[your request url]&key=dKey.
选项2是一个通常被人跟踪。
option 2 is the one normally being followed.
这篇关于从被别人称为保护HTTP请求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
