What's the best way to ensure privacy during communication between Cordova based mobile app and web server?

Question

I've built a mobile app based on Cordova, for both iOS and Android, and I need secure communication between the app and the server. Requests to the server, in JavaScript, look like this:

    request.open("GET", 'http://url/service?firstElement='+elem+'&secondElement='+elem2, false);

I've tried to use RSA encryption, generating the public and private keys locally using the pidCrypt libraries. The 2048-bit key takes too long to generate, so I've used 512 bits. The server is not able to decrypt the message.

I'm looking for a better solution.

Recommended answer

Try sending an Ajax request, like this. I assume that you use PHP for dynamic code (server side).

Here is a sample of the HTML file which is present in your Cordova/PhoneGap directory.

    <form method="post" action="#!">
        <div class="col-md-4">
            <span class="help-block">Name</span><input type="text" name="username" class="form-control" />
        </div>
        <br>
        <div class="col-md-4">
            <!-- type="password" so the value is masked on screen -->
            <span class="help-block">Password</span><input type="password" name="password" class="form-control" />
        </div>
        <div id="errorMessage"></div>
        <input type="submit" value="Save" class="btn btn-success right" onClick="UpdateRecord(); return false;"/>
    </form>

    <script>
    // Requires jQuery; $.session comes from a jQuery session plugin.
    function UpdateRecord()
      {
          var username = $("[name='username']").val();
          var password = $("[name='password']").val();
          jQuery.ajax({
           type: "POST",
           url: "php/login.php",
           /* Or */
           /*url: "https://www.yoursite.com/page",*/
           // Passing an object lets jQuery URL-encode each value.
           data: { username: username, password: password },
           dataType: "html",
           cache: false,
           success: function(response){
                if(response == 'true') {
                    $.session.set("myVar", username);
                    window.location.href='profile.html';
                }
                else {
                    $("#errorMessage").html("Invalid Entry, Please Try Again");
                }
            }
         });
     }
    </script>

And the PHP file to handle the query.

Please note that the code is not tested and it may change as per your need. You can perform any encryption method and use any function here.

    <?php
        // Note: the mysql_* functions used here belong to PHP 5's ext/mysql
        // and were removed in PHP 7.0.
        session_start(); // needed before $_SESSION values are stored
        include 'config.php';
        $username = mysql_real_escape_string($_POST['username']);
        $password = mysql_real_escape_string($_POST['password']);

        if(!empty($username) && !empty($password))
        {
            //$result = mysql_query("SELECT * FROM ".$db.".users WHERE username='$username' and  password ='$password'");
            $result = mysql_query("select * from ".$db.".users WHERE email = '$username' ");
            while($data = mysql_fetch_row($result))
            {
                $original_password = $data[3];
                $salt = $data[4];
                $hashedPass = sha1($salt.$password);
                $fullusername = $data[16]." ".$data[17]; // Used only to create the full-name session value
                // hash_equals() compares in constant time and avoids the
                // loose type juggling of ==
                if (hash_equals($original_password, $hashedPass))
                {
                    $_SESSION['username'] = $fullusername;
                    $_SESSION['useremail'] = $username;
                    $_SESSION['UserID'] = $data[0];
                    echo 'true';
                }
            }
        }
    ?>

Edit

    request.open("GET", 'http://url/service?firstElement='+elem+'&secondElement='+elem2, false);

Avoid using the GET method when sending sensitive data.

Edit, useful link

Local storage protection in PhoneGap application: http://stackoverflow.com/questions/20406291/local-storage-protection-in-phonegap-application?rq=1
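
The answer's two points (use an HTTPS URL, and keep sensitive data out of a GET query string) applied to the request from the question. This is an added example, not code from the original post; `buildSecureRequest`, `send` and the `api.example.com` endpoint are hypothetical names.

```javascript
// Added example: helper names and the endpoint are assumptions.

// Build a request description that keeps sensitive fields out of the URL.
// URLs end up in server access logs, proxy logs and Referer headers;
// a POST body sent over TLS does not.
function buildSecureRequest(endpoint, fields) {
  const url = new URL(endpoint);
  if (url.protocol !== 'https:') {
    // Plain http:// exposes both the URL and the body to anyone on the path.
    throw new Error('refusing non-HTTPS endpoint: ' + url.protocol);
  }
  if (url.search !== '') {
    throw new Error('endpoint must not carry a query string');
  }
  // URLSearchParams percent-encodes names and values ('&', '=', spaces),
  // which the string concatenation in the question's request does not.
  const body = new URLSearchParams(fields).toString();
  return {
    method: 'POST',
    url: url.href,
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: body
  };
}

// Send it from the WebView. Asynchronous (third argument true), unlike the
// synchronous call in the question, so the UI thread is not blocked.
function send(req, onDone) {
  const xhr = new XMLHttpRequest();
  xhr.open(req.method, req.url, true);
  Object.keys(req.headers).forEach(function (name) {
    xhr.setRequestHeader(name, req.headers[name]);
  });
  xhr.onload = function () { onDone(null, xhr.status, xhr.responseText); };
  xhr.onerror = function () { onDone(new Error('network or TLS failure')); };
  xhr.send(req.body);
}

// Constructed sample values standing in for elem and elem2.
const sample = buildSecureRequest('https://api.example.com/service', {
  firstElement: 'alice@example.com',
  secondElement: 'p&ss=word 1'
});
```

With TLS terminating at the server, the channel itself provides confidentiality, so no client-side RSA key generation is needed for transport privacy.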
