I am really new to mobile development, so something is really unclear to me. I have an iOS app that uses POST requests to my PHP script.

For example: I want to update some data on the server. So I make a POST request that contains the id of a record in the database and its new value.

How can I protect my server from unwanted POST requests? I know about sessions in PHP, but how can they be implemented in Swift and iOS programming?

moonvader
  • Possible duplicate of http://stackoverflow.com/questions/1918435/restricting-access-to-server-to-iphone-app or http://stackoverflow.com/questions/14114285/restrict-access-to-web-service-to-only-allow-mobile-clients. – Martin R Aug 02 '15 at 07:11
  • Sorry, none of these questions has an answer to my question. Or they have some ideas that are unclear to me. – moonvader Aug 02 '15 at 07:17
  • Those answers are appropriate. Rewrite your question to explain what you don't understand about them. – Wain Aug 02 '15 at 07:50
  • I don't understand how I can protect my script. – moonvader Aug 02 '15 at 08:07

1 Answer

Maybe you should make a "database" which will contain device ids from your app users (the device id will be added to this database the first time the app runs); then you will use this id in each request to your server, and in the PHP script you will check whether `$_POST['id']` is in your database or not. If not, you can return random answers from the script to confuse a person investigating your app. So, of course, if the id is not found in the database, any database updates are ignored, so it does not matter what values are in the other POST fields. It's just a thought :)

SwiftStudier
  • Thank you! But what happens if I can capture your POST request, modify it and send it to the server again and again? – moonvader Aug 02 '15 at 07:58
  • Hmm, really good question. Another way I'm thinking about is to generate a random string with a length above 100 symbols, for example. But random in such a way that the first 79 symbols are random, then the 80th symbol is "k", for example, and the other 20 are random too. In the script you'll check whether the 80th symbol is "k" or not. I think it is hard to understand such an algorithm and reproduce requests, maybe I'm wrong.. – SwiftStudier Aug 02 '15 at 08:05
  • How does it solve this problem? A hacker can copy this random string with the other POST parameters. – moonvader Aug 02 '15 at 08:10
  • As for me, I'm using data encryption functions which can be brought from public sources but modified such that the public decrypt functions do not work. In this case I don't need any hashes and random strings, because a hacker cannot encrypt data which would damage the server database, because he has no key for encryption-decryption. – SwiftStudier Aug 02 '15 at 08:16
  • And if he decompiles your app? – moonvader Aug 02 '15 at 10:21
  • The encryption key can be encrypted too. I don't think that an app can be decompiled to the original view as I see it in Xcode, so it's not hard to hide this key. In my desktop apps such an algorithm has worked fine for more than 4 years – SwiftStudier Aug 02 '15 at 10:31
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/84923/discussion-between-moonvader-and-swiftstudier). – moonvader Aug 02 '15 at 10:52
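
The captured, modified and resent request raised in the comments is commonly handled on the server with a per-device secret, a keyed MAC over every field, a timestamp and a one-time nonce. The PHP below is an added example, not code from either poster. Assumptions: the function name `verifyRequest`, the field names, and a per-device secret handed to the app over HTTPS when its device id is first registered.

```php
<?php
declare(strict_types=1);

// Added example; every name and value here is hypothetical or constructed.
const MAX_SKEW_SECONDS = 300;

// True only for a registered device, an unmodified body and a first-time nonce.
// $seenNonces stands in for a shared store such as a database table.
function verifyRequest(array $post, array $deviceSecrets, array &$seenNonces, int $now): bool
{
    $fields = ['device_id', 'ts', 'nonce', 'record_id', 'value'];
    foreach ([...$fields, 'sig'] as $f) {
        $v = $post[$f] ?? null;
        // Restricting every field except the last signed one keeps "\n" an unambiguous separator.
        if (!is_string($v) || ($f !== 'value' && !preg_match('/\A[A-Za-z0-9-]{1,64}\z/', $v))) {
            return false;
        }
    }
    $secret = $deviceSecrets[$post['device_id']] ?? null;
    if ($secret === null) {
        return false; // device id was never registered
    }
    // The MAC covers every field, so editing any of them invalidates the request.
    $message = implode("\n", array_map(fn($f) => $post[$f], $fields));
    if (!hash_equals(hash_hmac('sha256', $message, $secret), $post['sig'])) {
        return false;
    }
    if (abs($now - (int) $post['ts']) > MAX_SKEW_SECONDS) {
        return false; // captured request resent outside the time window
    }
    $key = $post['device_id'] . ':' . $post['nonce'];
    if (isset($seenNonces[$key])) {
        return false; // same request sent again inside the window
    }
    $seenNonces[$key] = $now; // entries older than the window can be purged
    return true;
}

// Constructed demo: the client signs with the secret it received at registration.
$secrets = ['device-123' => 'constructed-per-device-secret'];
$seen = [];
$now = 1438500000;
$req = ['device_id' => 'device-123', 'ts' => (string) $now, 'nonce' => 'a1b2c3',
        'record_id' => '42', 'value' => 'new value'];
$req['sig'] = hash_hmac('sha256', implode("\n", $req), $secrets['device-123']);

var_dump(verifyRequest($req, $secrets, $seen, $now));                           // first delivery
var_dump(verifyRequest($req, $secrets, $seen, $now + 5));                       // exact resend
var_dump(verifyRequest(['value' => 'tampered'] + $req, $secrets, $seen, $now)); // edited copy
```

A secret stored on a device can still be read by that device's owner, so this check ties a request to a registered device rather than proving it came from the unmodified app. The script still has to decide which records each device id is allowed to change.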