ColdFusion and Mobile Application Structure and Security


Question

Overview

I'm looking to start developing iOS apps using HTML5, jQuery, and ColdFusion. My understanding of this is to have jQuery call the ColdFusion APIs for all of the back-end functions. Great! My question is mostly about the page structure and API security.

Application Structure

In my head I suggested that the actual structure of the app should be similar to this:

<html>
  <head>
    <script src="http://foo.bar/path/to/jquery.js"></script>
    <script src="http://foo.bar/path/to/api.js"></script>
    <script src="http://foo.bar/path/to/anyother.js"></script>
  </head>
  <body>
    ...
  </body>
</html>

The idea of this is for organizational purposes. I don't want to include any API calls inside the actual app. I would like it to be located on a remote machine. This will allow me to make edits without resubmitting the app to the app store.

Security

Will this structure be a security risk? Is there anything I can do to enhance the security of this? Perhaps only allow API calls coming from a mobile device? Or perhaps require some sort of key?

Also, when it comes to the actual API itself, how would the function's security work?

<cffunction name="newRemoteResponse" access="remote" output="false" returntype="struct">
    ....
</cffunction>

What parameters would you recommend to make this the most secure?

Recommended Answer

When you make XHR calls to CF from your mobile app, sessions will be respected. That means you can use XHR to call a login method, set a session var on login, and then in other CFC methods, ensure that session value exists before you return any data.
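
The session check described in the answer, as an added example that is not part of the original question or answer: a CFC whose login method sets a session variable and whose other remote method refuses to return data without it. It assumes session management is enabled in Application.cfc and ColdFusion 10 or later; `checkCredentials`, `requireLogin`, `session.userId` and the demo credentials are hypothetical names constructed for illustration.

```cfml
<cfcomponent output="false">

    <!--- Called once via XHR; on success the session cookie ties later calls to this user. --->
    <cffunction name="login" access="remote" output="false" returntype="struct" returnformat="json">
        <cfargument name="username" type="string" required="true">
        <cfargument name="password" type="string" required="true">
        <cfset var result = { "ok" = false }>
        <cfif checkCredentials(arguments.username, arguments.password)>
            <!--- Issue a fresh session ID so a pre-login ID cannot be reused (ColdFusion 10+). --->
            <cfset sessionRotate()>
            <cfset session.userId = arguments.username>
            <cfset result.ok = true>
        </cfif>
        <cfreturn result>
    </cffunction>

    <!--- Every other remote method checks the session before touching any data. --->
    <cffunction name="newRemoteResponse" access="remote" output="false" returntype="struct" returnformat="json">
        <cfset var result = {}>
        <cfset requireLogin()>
        <cfset result = { "user" = session.userId, "data" = "placeholder payload" }>
        <cfreturn result>
    </cffunction>

    <!--- Hypothetical guard: stop the request with 401 when no login has set session.userId. --->
    <cffunction name="requireLogin" access="private" output="false" returntype="void">
        <cfif NOT structKeyExists(session, "userId")>
            <cfheader statuscode="401">
            <cfabort>
        </cfif>
    </cffunction>

    <!--- Hypothetical helper with constructed demo values; a real app verifies a salted
          password hash from its user store instead of comparing literals. --->
    <cffunction name="checkCredentials" access="private" output="false" returntype="boolean">
        <cfargument name="username" type="string" required="true">
        <cfargument name="password" type="string" required="true">
        <cfreturn arguments.username EQ "demo-user"
                  AND compare(arguments.password, "demo-password") EQ 0>
    </cffunction>

</cfcomponent>
```

Helpers such as `requireLogin` stay `access="private"` so they cannot be invoked over HTTP; only methods marked `access="remote"` are reachable from the app's XHR calls.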
