How to protect a server that is used for a mobile app

0 投票
最新提问 用户: (120 分)

Im am looking for input in how to protect a server that's used for a mobile app. So say you have a php file at www.mydomain.co.uk/insert_user.php that takes parameters and inserts them into a database. Is there anyway to stopping everything accessing that url apart from the app?

People could just keep hitting the url with different parameters until they get through.

My idea was to keep a number in a database as a passcode. When the app launches download the passcode and save it. Then every time a php script is called, pass the passcode and check it with php.

<?php
//Get the passcode
$passcode = "";
$sql = "SELECT `passcode` FROM `security`";
$result = mysqli_query($conn, $sql);

if (mysqli_num_rows($result) > 0) {
    while($row = mysqli_fetch_assoc($result)) {
        $passcode = $row['passcode'];
    }
}

//Check the passcode
if($passcode != "2345645756536875645654634545756786756765456345345") {
//exit if passcode isn't correct
    exit();
}
//Carry on with the reset of the script

This way I can update the passcode in my database every so often. The only problem is when the app calls the php script to get the passcode you couldn't do any checks.

The other thing I was thinking was to do the same thing but just use a really long number instead of having it in the database.

<?php
$passcode = $_REQUEST['passcode'];
//check passcode
if($passcode != "1244354565785874655463453465876565445645645867567456456") {
    //if it is wrong exit from the script
    exit();
}

This way there isn't any transfer of the 'passcode' as it's hard coded but I wouldn't be able to change it so easily.

Am I just overthinking this to much. I have seen that you can check with php if its a mobile browser that has accessed the script. Is there a much easier way that the php scripts will only allow calls from my app? Or should I not worry able people being able to access the url from a computer?

Thanks!

登录 或者 注册 后回答这个问题。

欢迎来到 Security Q&A ,有什么不懂的可以尽管在这里提问,你将会收到社区其他成员的回答。
...