安全通信iPhone和服务器之间？ [英] Secure Communication Between iPhone and Server?

问题描述

我正在开发它连接到一个基于XML的API的应用程序。我有超过服务器和应用程序都控制 - ？有没有什么办法可以确保只有我的应用程序可以访问API

I'm developing an app which connects to an XML based API. I have control over both the server and the app - is there any way I can make sure only my app can access the API?

有没有用户身份验证。

编辑：

主要关注的是，机器人通过扫描XML窃取数据。

The main concern is that bots steal data by scanning the XML.

这个怎么样：

我要求与设备UDID的会话，我得到一个握手的关键。

I request a session with the device UDID and I get a handshake key.

<handshake>23354</handshake>

从这个字符串的服务器，并根据商定的算法客户端上计算的密码（它只是将很难重建）

from this string a password is calculated on both the server and the client according to an agreed algorithm (it just has to be hard to reconstruct)

比方说，现在我加1握手键

Let's say for now that I add 1 to the handshake key

password = 23354

在所有API调用我再与UDID一起传递密码。这将允许服务器每个会话限制一定数量的电话，不是吗？

On all API calls I then pass this password along with the UDID. This would allow the server to limit each session to a certain number of calls, no?

你怎么想的？

推荐答案

没有，这是不可能真正确保只有您的应用程序可以联系您的服务器。有对有些提高栏上的攻击者混淆技术，以及适用于大多数攻击者的工作。你潜在的问题是不可解一个专门的攻击者。您可以在<一个有关此主题的其他职位列表href=\"http://stackoverflow.com/questions/1235171/iphone-how-to-encrypt-a-string/1235242#1235242\">iPhone:如何加密字符串。有您可以在这些岗位使用多种技术，以及你应该如何以及是否攻击的根本问题的讨论。

No, it is not possible to really ensure that only your app can contact your server. There are obfuscation techniques for raising the bar somewhat on attackers, and those will work for most attackers. Your underlying problem is not solvable for a dedicated attacker. You can find a list of other posts on this subject at iPhone: How to encrypt a string. There are several techniques you can use in those posts, and some discussion of how and whether you should attack the underlying issues.

这篇关于安全通信iPhone和服务器之间？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！