I know the idea of JWT. But I have to work with both, PHP as a client which will send data to Node.js API and receive data back.
I know it is trivial if you are using JWT inside PHP only or Node.js. But is it possible to send from PHP to Node.js API?
Yes, it is, the validation may be an security issue in some cases, but you could do it with as secret or using certificates.
Related
I want use POST to Transfer data between PHP server and Android client, how to improve security? For example, how can you ensure that believable and successful access to the server API can only be my Android client?
because of app have Login mechanism, so I think I should add the account verification code in every post(It consists of user password and so on, may be encrypted by MD5), Then every POST have clear sources, if the source is invalid(don't have verification code or it's wrong), Server denial of service. Is this feasible?
I would recommend setting up a RESTful web service first of all. This would allow you to filter requests coming from the Android client by their method, for example only handing POST for certain end points.
If you knew that only an Android client would be accessing your server you could also enforce that a "client" or "auth" token (simply a JSON property) must be sent with every request and you would then only supply this token to the Android client implementation and refuse any attempt to access your server which didn't include the token.
It's also important not to access superglobals such as $_POST in PHP directly, instead use filter_input().
This is just a suggestion and there is much more you can do.
I have two applications, one in PHP and other in Meteor, My requirement is that when a user is created using PHP application, it should be also sync/add to the meteor application.
I have knowledge in meteor, but not in PHP, I am looking for creating a method in PHP, so that it can send a http or similar request with all user information to my meteor application(method), and here I can query for existing user or add a new one, is this approach possible or have some other way possible, if possible then please give me an idea how I can send request from the PHP side and get this request in meteor and accomplish my requirement.
Yes, it is possible. Create a function in PHP that would do a POST request using curl and it will send the data to and endpoint where your meteor application will take over. You can google how to send POST requests from PHP and the first link will give you an answer.
Just make an endpoint ready from your meteor app to receive the data from PHP app.
I have a PHP server with some .php files. Swift iOS application send POST request to server and get some response in JSON. PHP files on server do some work with MSQL.
The question is:
How to provide good security when do some request?
I thinking to create some let API_KEY = "dakhye8k3id9" and send it with request to server. But is it secure? (Decompilers ect.). Maybe there is some other approach?
To give some string tokens is also not good idea because I store it in NSUserDefaults.
I have an API written in PHP that works by receiving HTTP POST requests, the API will then process the request and output some XML.
I have an Android application that is communicating with this API successfully.
My question is how do I make this secure?
I was looking into using OAuth, but for PHP it uses a library that is not available to me.
Plus as the API is not public and only to be used by external applications created by myself, this seems a bit overkill.
What other suggestions would you recommend? I was looking at sending an API key/signature along with the POST request.
It should be done the same way you make javascript calls secure. You use sessions. You should be able to send and receive headers, why not accept cookie-like data? At least session_id. Securing with SSL for open wifi hotspots would also be very beneficial if you use symmetric authentication.
OAuth has a different purpose - its when your website starts to host third party applications that users want to use without giving this app own password.
I'm starting a new application that will have a server side PHP and client in Android another (at the moment, and then also probably iphone). The application will only be used from mobile customer applications ie not to be used by web. My question is what would be the best way to login to this mode of operation?
thank you very much
It sounds to me as if the server side will be some sort of API that opens up access to a users data. The easiest method would be sending along a stored username and password with each request. This would only work if the connection your using is secure (https) which brings in the hassle of obtaining an ssl certificate.
Another option would be using OAuth, though your use case seems a little bit different than the standard OAuth use-case. OAuth is a protocol that uses a token based system to establish a users permission to access certain data from an application by another application. In your case you would be in control of both the first and the second application (hence my remark on being different than the standard use-case) Read here for more info.
I think it will be more easier if you use a webservice to make this connection between android and php server
this Presentation may help you ..
you are gonna deal with SOAP and xml or JSON to send data from android to php server.
and this a Video that shows how to deal with REST android Apps.
hope that help.
I think building an API on the server-side would be the best approach. For example a simple REST endpoint might be the way to go.
You can also host the API over HTTPS so that the communications channel is secure.
you need to create PHP web service for that. and while accessing you can pass security key like IMEI of phone for log. I think it can be secured mode for login from Android Phone.
Best practice these days is to set up a simple JSON web service, and use the built in Android HTTP & JSON libraries to interact with this service.
Create a login page in android, take the values from the fields send those values to server using httppost there store in your database and send response from the server
i think you first make a login form on Php server and send it the login and password as soon as user types and php returns the JSON object then read it if login is accepted by server login to application.
another way is when user don't have the net access make some Content providers on android and store the user pass there and match from there locally.