0

Recently I read quite a lot about SSL, but all articles concerned webpages. Let's suppose I'd like to make an internet service with webpage, mobile app and C++ windows app. Users must have their accounts, so they need to send to a server data like username, password, etc. As a webpage I'd like to have Angular app and some backend technology (Node for example). Windows and Android app will use the same backend server as Angular, and they will connect to it by REST API. If I install SSL on the server, where web apps are stored (both front-end and back-end), all the data sent in HTTPS requests should be safe. But what about the data sent from Android app and Windows app (made in MFC in my case)? If I have understood those articles well, internet browsers encode sent data, and decode received one themselves. But do I need to handle HTTPS connection in Android and Windows application myself?

Olafinsky
  • 13
  • 1

1 Answers1

0

For android, if you will use self signed certificates, you'll have to express how to handle that on your app. See how it's explained here https://stackoverflow.com/a/997495/4242450. But overall if you are using trusted certificates, there's no need to worry about SSL handshakes, encryption or decryption data for yourself.

Here's a piece I found on https://developer.android.com/training/articles/security-ssl

Assuming you have a web server with a certificate issued by a well known CA, you can make a secure request with code as simple this:

val url = URL("https://wikipedia.org")
val urlConnection: URLConnection = url.openConnection()
val inputStream: InputStream = urlConnection.getInputStream()
copyInputStreamToOutputStream(inputStream, System.out)
sduduzo gumede
  • 113
  • 1
  • 2
  • 11
  • Ok, so if I understood that well, if I have a server with SSL/TLS certificate, I don't need to worry about data safety sent from windows or android app through REST API to the server? Indeed, the most important for me is preveting MITM attacks or reading user data, like it can be done with Wireshark. So in my applications all I need to do is connecting to the server with TLS through https? – Olafinsky Dec 08 '19 at 17:55
  • As long as your server doesn't allow http which you must make sure it doesn't, you're okay. Make sure that you configure your server to redirect all http calls to https. – sduduzo gumede Dec 08 '19 at 18:06