0

I want to create a backend for my Android app with Tapestry5 and this http://code.google.com/p/t5-restful-webservices/ plugin. The app will communicate with the server by calling REST methods both for registered users (that would be easy to secure, I guess) as well as unregistered users. Now of course I don't want people to just call that webservice from a browser.

How can I make sure that only my app can make calls to this backend?

4

2 Answers

1

Checking for the user's UA could help...

answered 2012-09-25T09:36:37.330
1

I can think of 2 approaches:

Use SSL to secure the connection. SSL can do a handshake checking the credentials. To authenticate the user you can use a certificate or a PSK.

Or you can simply create a hash (SHA or MD5) of your data and include a key. This is called HMAC. A reverse engineer may get the key because you have to hardcode it in your code.

answered 2012-09-25T10:05:57.233
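The HMAC approach from the second answer, as an added example that is not part of the original answers: the app signs each request and the server recomputes and checks the signature. The class name, the `/rest/scores` path, the key, the five-minute window and the canonical string layout are all assumptions made for illustration; `java.util.Base64` needs Java 8 or Android API 26.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;

public class RequestSigner {
    // Constructed demo key. As the answer notes, a key shipped inside the app
    // can be recovered by reverse engineering, so this only raises the bar.
    private static final byte[] KEY =
            "demo-key-not-for-production".getBytes(StandardCharsets.UTF_8);
    private static final long MAX_SKEW_MS = 5 * 60 * 1000L; // assumed replay window

    // Client side: HMAC-SHA256 over method, path, timestamp and body.
    static String sign(String method, String path, long tsMillis, String body)
            throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        String canonical = method + "\n" + path + "\n" + tsMillis + "\n" + body;
        return Base64.getEncoder().encodeToString(
                mac.doFinal(canonical.getBytes(StandardCharsets.UTF_8)));
    }

    // Server side: reject stale timestamps, recompute the signature and
    // compare it to the supplied one in constant time.
    static boolean verify(String method, String path, long tsMillis, String body,
                          String signature, long nowMillis)
            throws GeneralSecurityException {
        if (Math.abs(nowMillis - tsMillis) > MAX_SKEW_MS) {
            return false;
        }
        byte[] expected = sign(method, path, tsMillis, body)
                .getBytes(StandardCharsets.UTF_8);
        byte[] supplied = signature.getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, supplied);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        long now = System.currentTimeMillis();
        long old = now - 600_000L;
        String body = "{\"score\":42}"; // constructed sample request body
        String sig = sign("POST", "/rest/scores", now, body);
        // Case 1: untouched request. Case 2: body altered. Case 3: stale timestamp.
        System.out.println(verify("POST", "/rest/scores", now, body, sig, now));
        System.out.println(verify("POST", "/rest/scores", now, "{\"score\":99}", sig, now));
        System.out.println(verify("POST", "/rest/scores", old, body,
                sign("POST", "/rest/scores", old, body), now));
    }
}
```

The timestamp is part of the signed string, so a captured request cannot be replayed outside the window or have its timestamp refreshed without the key.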