we need to send an http post from an iphone device to our server with some info which the device token (APNS) which we want to store. How on the server do you read the HTTP post and store what is in it? We just have a standard ISP hosted server which currently just has a website.
Thanks
There are many ways you could do this. You probably want to store the values in a database. Your hosting account probably has databases. Find out what database software is installed. The chances of it being MySQL http://www.mysql.com/ are high.
Depending on what you want to do with the data, a simple PHP http://php.net/index.php script that accepts POST data, parses and checks it would be fine. However, be careful. You should do some kind of authentication prior to inserting the data into the database. Or maybe the value you are sending to the server is already encrypted and you can verify it that way.
You could also use Perl, Python, Ruby, etc. It depends on what your host supports.
Related
I want to send very sensitive data to a webserver by calling a specific php file with data over GET or POST (not sure yet). The data contains 3 values, so I thought of building an own algorithm, but this could be reverseengineered easily and I guess there are far better solutions than those I have.
The difficulty is basically this: When a user buys a inapp purchase for a Windows App he gets access to this server. MS does not offer any OAUTH check like Google does so developers have to implement their own check. Also we don't have any user accounts.
Do you have any ideas on how to restrict users that haven't bought the purchase from accessing this server php file (which is secure)?
There are lots of 'handshaking' methods you could use. One method that has worked for me:
Open the channel to your server
Server sends a string of random characters to the client
Client hashes the string with a known salt and sends this string back to the server
Server compares the returned string with it's own encrypted version of the original string
If they match then the client session is allowed
This prevents someone from doing a replay attack on your server.
If you want to stick with a typical 'web transaction' then use HTTPS (port 443) to handle your encryption. Another alternative would be to use an encrypted socket to a different port.
I'm trying to make a web chat app for a mincraft server useing this api. The demo script for what I want to do shows the conection info, in plain text, witch will be easyly visible from any clients computer. Is there any way I can store this securely while still having the same functionality? Preferably retrieved from mySQL with php.
setup a proxy that adds the sensitive connection details to the request.
There is no way that i am aware of to do what you are asking in javascript.
Some tutorials about JSON cross-origin proxies may help you as they are similar to your problem.
I am implementing kerberos in php. Here, a trusted authenticating server issues ticket for the purpose of authenticating client to other server. Thus there involves transferring of tickets and ids, etc among the three entities( auth server, client and other server). So now the question is what can be use to transfer data?
For example, the client logs in on other sever. The auth server creates an encrypted ticket for client.Now this must be transferred to the client. similarly client needs to send this ticket to other server, so that other server can verify it.
I have some options like cURL or javascript XHR.
I'm not sure if they can be used in this situation. I seek someones guidance.
Thank you.
I would go with cURL.
If you use Javascript you are exposing URLs where you are going to process data, and this could make a possible security breach.
Ofcourse, you must never trust user-input, but to me it's simple:
Only use server-side
I'm starting a new application that will have a server side PHP and client in Android another (at the moment, and then also probably iphone). The application will only be used from mobile customer applications ie not to be used by web. My question is what would be the best way to login to this mode of operation?
thank you very much
It sounds to me as if the server side will be some sort of API that opens up access to a users data. The easiest method would be sending along a stored username and password with each request. This would only work if the connection your using is secure (https) which brings in the hassle of obtaining an ssl certificate.
Another option would be using OAuth, though your use case seems a little bit different than the standard OAuth use-case. OAuth is a protocol that uses a token based system to establish a users permission to access certain data from an application by another application. In your case you would be in control of both the first and the second application (hence my remark on being different than the standard use-case) Read here for more info.
I think it will be more easier if you use a webservice to make this connection between android and php server
this Presentation may help you ..
you are gonna deal with SOAP and xml or JSON to send data from android to php server.
and this a Video that shows how to deal with REST android Apps.
hope that help.
I think building an API on the server-side would be the best approach. For example a simple REST endpoint might be the way to go.
You can also host the API over HTTPS so that the communications channel is secure.
you need to create PHP web service for that. and while accessing you can pass security key like IMEI of phone for log. I think it can be secured mode for login from Android Phone.
Best practice these days is to set up a simple JSON web service, and use the built in Android HTTP & JSON libraries to interact with this service.
Create a login page in android, take the values from the fields send those values to server using httppost there store in your database and send response from the server
i think you first make a login form on Php server and send it the login and password as soon as user types and php returns the JSON object then read it if login is accepted by server login to application.
another way is when user don't have the net access make some Content providers on android and store the user pass there and match from there locally.
I want to transfer 10 user details from my server database to another server.The other server can call a php page (in my sever) which can supply the needed 10 user details.This should happen in such a way that a user using the site must not understand that the data is coming from another server.
I will recommend using WebService for this purpose. In the Server A (provider) you will code this webservice to serve the users as requested by server B(consumer), So you will be able to consume the services provided by A at any time and being transparent for the USER.
References:
WebService
XML-RPC
SOAP
You can implement JSON-RPC server and client.