
So I'm trying to make a game for Android. It's based on Gazillionaire, a game I played when I was a little kid. The game is played with 6 players and it's turn-based (so no real-time requirements here). I figured it would be best if I store the data from one turn in a database and have a web application (PHP) that the Android client can communicate with. I'm using the built-in Apache DefaultHttpClient to communicate with the web server. I use POST variables to give commands like

$_POST['action'] = 'login';
$_POST['username'] = 'username';
$_POST['password'] = 'long sha256 hash';
$_POST['challenge'] = '????'; // also thinking about using challenges

This all works fine, but how do I secure my application? I don't want the web server to be exploited so users can make their own clients.

Do I have to secure my application or am I fine? Anyone have any experience with this type of application?

TFennis

1 Answer

Also use SSL encryption to communicate with your server! So all your traffic gets encrypted and cannot be read by a man in the middle.

A good article about SSL and custom certificates is here: Trusting all certificates using HttpClient over HTTPS

Matthias B
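
The `challenge` field the question is considering, worked through server-side in PHP as an added example (not code from the original question or answer): the server issues a random single-use challenge, and the login POST carries an HMAC over it instead of the reusable SHA-256 hash. The function names, the `response` field, the in-memory arrays standing in for the database and the 60-second lifetime are assumptions; the exchange is meant to run inside the SSL connection the answer recommends.

```php
<?php
// Added example: one-time login challenge for the POST protocol in the question.
// Assumed (not from the post): function names, 'response' field, in-memory stores.
const CHALLENGE_TTL = 60; // seconds a challenge stays valid (assumed value)

// Server: create a random single-use challenge for a username.
function issueChallenge(array &$pending, string $username, int $now): string
{
    $challenge = bin2hex(random_bytes(16));
    $pending[$username] = ['value' => $challenge, 'expires' => $now + CHALLENGE_TTL];
    return $challenge;
}

// Client side of the exchange: the SHA-256 password hash is the HMAC key.
function clientResponse(string $passwordHash, string $challenge): string
{
    return hash_hmac('sha256', $challenge, $passwordHash);
}

// Server: verify a login POST. The challenge is consumed before the check,
// so a captured request cannot be replayed.
function verifyLogin(array &$pending, array $users, array $post, int $now): bool
{
    $username = $post['username'] ?? '';
    $response = $post['response'] ?? '';
    if (!is_string($username) || !is_string($response) || !isset($pending[$username])) {
        return false;
    }
    $entry = $pending[$username];
    unset($pending[$username]);                // single use
    if ($now > $entry['expires'] || !isset($users[$username])) {
        return false;
    }
    $expected = hash_hmac('sha256', $entry['value'], $users[$username]);
    return hash_equals($expected, $response);  // constant-time comparison
}

// Constructed sample data: the stored verifier is sha256(password), as in the question.
$users   = ['alice' => hash('sha256', 'correct horse')];
$pending = [];
$now     = time();
$c       = issueChallenge($pending, 'alice', $now);
$post    = ['action' => 'login', 'username' => 'alice',
            'response' => clientResponse(hash('sha256', 'correct horse'), $c)];
var_dump(verifyLogin($pending, $users, $post, $now)); // first use of the challenge
var_dump(verifyLogin($pending, $users, $post, $now)); // same POST sent again
```

The stored SHA-256 value acts as the HMAC key, so anyone who obtains it from the database can log in; it needs the same protection as the password itself.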