Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 9 years ago.
Improve this question
I'm developing a mobile application using Titanium Studio and the server side is written in PHP. I want the app to get data from the server and display them to the user?
What approach is good for this case? I'm thinking of using a REST API, however the app will display data before the user has logged in, only certain parts are required to login first. How I want it to behave:
Fetch data from the server via the client app I've built only, no other access possible
Login the user through the app client -> server. How do I do this using an API?
The API isn't public to everyone, just the app I've built.
To answer your points:
(1) A REST API which returns JSON/XML etc can be used by your client app. If you want to restrict access to the REST service to your mobile clients only, then an authentication token can be passed with the client requests
(2) Same as above, you can have a login method to validate the user, and then return an authentication token which may be used while requesting subscription/secure data
(3) Unless you have made the API/URI public it is not known to others. And this is where you can pass a GUID token or reference string from the client to the service and the service will know the requests are coming from your clients.
Hope this answers your questions.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 months ago.
Improve this question
I am building a desktop application that will have a settings screen in web. If the user click on the settings button it shall open laravel web application and shall authenticate automatically. So I need a deeplink to login directly into the application and redirect user to settings page.
Is there any way to solve this scenario with laravel Auth or any further suggestions?
I guess that for deep link you mean "very long and difficult to guess url".
I suggest you to manage the access using an authentication token (is generally used for API, but also "remember me" functionality use a token stored in cookie) and make it possible to configure the token in the desktop application.
this allow you to:
disable a token at any time
create different tokens for different users
much better security compared to hidden url
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 1 year ago.
Improve this question
I am developing an android application (begginer) that will manage a database on a server using http requests to a php file system.
My question is: What is the best way to restrict traffic to those php files? because I only want those php files to be executed by requests from my application and not by request from other programs(postman),services, etc ...
You will not be able to disallow your API for any particular client. You can reject the request based on the source IP or port, the headers including user agent, API keys or other credentials, but if your API can be accessed at all, then it can be accessed by postman or any other client using the same data.
To limit the way how people can access the data you can add API keys and user credentials, but the same user with the same API key and credentials will be able to access your API using any other software and there is no way around it.
One thing you could do would be to e.g. require some headers that are restricted for postman - see Restricted headers and cookies in the Postman documentation:
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
I'm a web designer.
I have a site like to a forum.
so I want to create a app for my user.
The app just show and insert my website date(mysql).
normal function
member login
member reg
post topic
reply topic
search topic
a message box function (user send user)
admin user will delete topic
maybe function
maybe I need mobile phone push message function, maybe user's topic anyone reply
I know phonegap has PushPlugin
that plugin can do that?
.
My skill just php,mysql,html,css, a little js
I can create function 1-7 in mobile version website. But I don't know how to make to a apps.
These are my case
You have any suggestions?
I should learn native app or phonegap?
if native I need learn ios and and android, I need ios version and android version
Phonegap can do the trick for the mobile app.
But since you're new to apps development, keep this piece of advice in your mind.
Data storage based apps never use direct storage on mysql, a hacker can revert your code and extract your database password and you're done for that.
always think of using API for reading data and Authentications like oAuth2 for insertions.
Good luck !
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
Improve this question
i have an android app that sends data to my web server (data is processed by php and stored in mysql db). for security reasons, i need to verify that the user sending the data is who he/she says he/she is.
i do not want to verify login/password, i would rather use the phone's registered (account manager) google account with something like federated login. i played around with nick johnson's example for GAE, but it is specific for GAE based apps and does not permit integration with my own server API's, therefore authentication does not work (i get a google authToken, but it is meaningless for my server API).
from what i understand, the safest+simplest solution would be to use OAuth.
but i am completely stumped trying to understand OAuth (i understand its concepts, but have not been able to find any example that i could implement).
does anyone have anything like a functional example that i could play around with and tweak for my needs? thanx in advance!
when ever a user login or use your app first time , you should capture his/her device mac address, and store it to the database, and you can easily authenticate user using this mac address
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 9 years ago.
Improve this question
I've built a website that authenticates users via facebook.
The way I've set it up is like this: The website uses the facebook JS SDK on the front end, and when the user authenticates with facebook their access_token is sent to my server via an ajax call (using HTTPS for security) - where the graph api is queried and their session is initiated server-side (Using a database for secure session storage of user data).
Can anyone think of any potential problems this approach might lead to? Thanks!
This is a very common scenario. The only issue is that unless you request offline_access that token you get is only valid for an hour.