Is there a way to ensure that your app is the only allowed caller of a PHP script or other procedures?
Situation: You have an app which calls a PHP script on your server. One could disassemble your app and learn the calls you are making. After that, he builds another app with the same calls.
I know how to make a login workflow which is very secure but I have no idea how to be sure that the sender is my app and not another.
Can the sign key be used to check this? Any other ideas?
Why not send a key to your PHP script?
If the key is correct, allow the user, otherwise not. In the app you can encrypt this key.
B4X:
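Sub ExecuteRemoteQuery(query As String, JobName As String)
    ' Post the query to the PHP script; the key travels in the "pass" URL parameter
    Dim jobs As HttpJob
    jobs.Initialize(JobName, Me)
    jobs.PostString("http://www.lalala.com.br/query.php?pass=sadmwoidqwmeoije@#!@#!@#@", query)
End Sub

Sub checkemail
    ' JobName is declared As String, so the job name is passed as a string literal
    ExecuteRemoteQuery("SELECT * FROM usuarios", "resultjob")
End Sub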
I could disassemble your app, extract the queries (or calls against xyz), put them in my own app, and you are in big trouble. As I said, I know how to manage users (login/registration). Then I can check, e.g. in my PHP script, whether the user is logged in on every query. That should be safe.
But: how do I check whether the sender (I mean the app, not the user) is MY APP and not another? Stored passwords in the code won't help.
Maybe the sign key can be used to check this (because it is encrypted with a password). If yes, how can this be done?