固定连接PHP服务器不使用SSL [英] Securing connection to php server without SSL

问题描述

我有以下情形：Android的客户端通过HTTP POST一个PHP的服务器进行通信。 PHP的服务器与MySQL数据库进行通信，并发送输出JSON到Android客户端。
我在问题已经说明这一点：固定连接PHP服务器

I have following scenario: The Android clients communicate with a PHP server via HTTP Post. The PHP server is communicating with mySQL database and sends the output as JSON to the Android client. I have stated this already in question: securing connection to php server

结论有使用TLS / SSL来保护连接。可惜的是我的服务器不支持TLS。

The conclusion there is to use TLS/SSL to secure the connection. Unfortunatelly my server does not support tls.

有一些其他的方式以某种方式让它多一点很难得到我的PHP服务器的API，因此人们无法通过PC上传到我的服务器。

Is there some other way to somehow make it little more difficult to get the API of my php server, so people cannot post via PC to my server.

我想过的gzip，但我这将是一个低阻隔...

I thought about gzip, but I it will be a low barrier...

因此​​，如果有人嗅着使用Wireshark的交通，他不应该很容易就如何我的PHP服务器的通信已经完成。

So if someone sniffs the traffic with wireshark, he should not easily get how the communication to my php server is done.

推荐答案

您可以建立某种形式的所有要发送到服务器的数据的哈希值，然后发送哈希与数据一起到服务器，服务器可能然后计算相同的哈希，并检查它与发送的哈希值。那么，除非他们找出散列是如何计算的，没有人能送自己的数据。

you could create some sort of hash of all the data you are sending to the server, then send that hash along with the data to the server, the server could then calculate the same hash and check it against the sent hash. then no one could send their own data unless they figure out how the hash is calculated.

这篇关于固定连接PHP服务器不使用SSL的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！