确保对网络服务的独占访问 [英] Ensure exclusive access to webservice

问题描述

为了安全起见，确保只有我的应用程序可以访问托管在公共服务器上的网络服务的最佳做法是什么?我应该实现我共享的密钥还是什么?

Just to be on the safe side, what's the best practice to ensure that only my application has access to my webservice, which is hosted on a public server? Should I implement I shared key or something?

我的网络服务托管在 Google 的 App Engine 上，我的应用程序在 iPhone 和 iPad 上运行.

My webservice is hosted on Googles App Engine and my Application runs on iPhones and iPads.

如果您需要更多信息，请询问.

If you need further information, just ask.

谢谢，亨利克

推荐答案

某种质询/响应身份验证将是您最好的选择，但您可以使用像随每个请求一起发送的密钥这样简单的东西.不过，对于使用数据包嗅探器的人来说，对安全性进行逆向工程可能很容易 - 我想你花在它上面的时间将与你真正关心的程度有关:)

some sort of challenge/response authentication would be your best bet, but you could use something as simple as a key that's sent with every request. it might be quite easy for someone with a packet sniffer to reverse engineer that security though - i guess the amount of time you spend on it will relate to how much you really care :)

这篇关于确保对网络服务的独占访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！