带有服务器后端的iPhone应用程序 - 如何确保所有访问仅来自iPhone应用程序?
我不介意盗版等等,但我想确保后端(基于Rails)不对可以DOS等的自动化服务开放。因此我想简单地确保所有访问权限到后端(这将是对GET和PUT数据的一些REST查询)将通过有效的iPhone应用程序,而不是在机器上运行的某些脚本。
I don't mind so much about pirating etcetera, but I want to ensure that the backend (Rails based) isn't open to automated services that could DOS it etc. Therefore I'd like to simply ensure that all access to the backend (which will be a few REST queries to GET and PUT data) will be via a valid iPhone application, and not some script running on a machine.
I我希望避免使用帐户,以便用户体验无缝。
I want to avoid the use of accounts so that the user experience is seamless.
我的第一个目的是将UDID和秘密一起散列,并提供(以及UDID) )通过HTTPS连接到服务器。这将允许创建经过身份验证的会话或返回错误。
My first intention is to hash the UDID and a secret together, and provide that (and the UDID) over a HTTPS connection to the server. This will either allow an authenticated session to be created or return an error.
如果被窃听,则攻击者可以获取哈希并重播它,使此方案可以重播攻击。但是,HTTPS连接不应该保护我免受窃听?
If eavesdropped, then an attacker could take the hash and replay it, leaving this scheme open to replay attacks. However shouldn't the HTTPS connection protect me against eavesdropping?
谢谢!
就像bpapa说的那样,它可能是欺骗性的,但是,就像你说的那样,你并不担心这一点,就像任何人一样,只是连续向你的服务器发送一千个请求,而你的服务器处理每一个。
Like bpapa says, it can be spoofed, but then, like you say, you aren't worried about that so much as anybody coming along and just sending a thousand requests to your server in a row, and your server having to process each one.
你对哈希的想法是一个好的开始。从那里,您还可以将当前时间戳附加到预先哈希值,并将其发送。如果给定的时间戳与服务器的当前时间不同超过1天,则禁止访问。无论如何,这会在一天以后停止重播攻击。
Your idea of the hash is a good start. From there, you could also append the current timestamp to the pre-hashed value, and send that along as well. If the given timestamp is more than 1 day different from the server's current time, disallow access. This stops replay attacks for more than a day later anyway.
另一种选择是使用随机数。任何人都可以从您的服务器请求一个nonce,但是在将哈希发送到服务器之前,设备必须将其附加到预哈希数据。生成的nonce必须存储,或者可能只是服务器的当前时间戳。然后,设备必须将服务器的时间戳而不是自己的时间戳附加到预先散列的数据,从而允许比重播攻击发生的整天更短的时间。
Another option would be to use a nonce. Anybody can request a nonce from your server, but then the device has to append that to the pre-hash data before sending the hash to the server. Generated nonces would have to be stored, or, could simply be the server's current timestamp. The device then has to append the server's timestamp instead of its own timestamp to the pre-hashed data, allowing for a much shorter period than a full day for a replay attack to occur.