Android 中的 Web 服务器通信安全
所以我正在尝试制作一款安卓游戏。它是根据我小时候玩过的游戏《Gazillionaire》改编的。该游戏由 6 名玩家玩,并且是回合制的(因此这里没有实时要求)。我认为最好将一轮数据存储在数据库中,并拥有一个 Android 客户端可以与之通信的 Web 应用程序(PHP)。我正在使用内置 apache DefaultHttpClient 与网络服务器进行通信。我使用 post 变量来发出这样的命令
$_POST['action'] = 'login';
$_POST['username'] = 'username';
$_POST['password'] = long sha256 hash
$_POST['challenge'] = ????; //also thinking about using challenges
这一切都很好,但是。我如何保护我的应用程序。我不希望网络服务器被破坏,这样用户就可以创建自己的客户端。
我是否必须确保我的申请安全,或者我可以吗?有人有此类应用程序的经验吗?
So I'm trying to make a game for android. It's based on Gazillionaire a game i played when i was a little kid. The game is played with 6 players and it's turn based (so no realtime requirements here). I figured it would be best if i store the data from one turn in a database and have a web application (PHP) that the android client can communicate with. I'm using the buildin apache DefaultHttpClient to communicate with the webserver. I use post variable to give commands like
$_POST['action'] = 'login';
$_POST['username'] = 'username';
$_POST['password'] = long sha256 hash
$_POST['challenge'] = ????; //also thinking about using challenges
This all works fine but. How do I secure my application. I don't want the webserver to be exploided so users can make their own clients.
Do I have to secure my application or am I fine? Anyone have any experience with this type of application?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
还可以使用 SSL 加密与您的服务器通信!因此,您的所有流量都会被加密,中间人无法读取。
关于 SSL 和自定义证书的好文章在这里:信任所有证书使用基于 HTTPS 的 HttpClient
Also use SSL encryption to communicate with your server! So all your traffic gets encrypted and cannot be read by a man in the middle.
Good article about SSL and custom certificates is here: Trusting all certificates using HttpClient over HTTPS