如何从服务器验证客户端的身份?
我使用 Rails 作为 iOS 应用程序的服务器.目前,它从应用程序向服务器发起一个网页的 URL 请求以获取数据.我的问题是,如何保证只有我的应用程序可以访问服务器,而不能从我的服务器的客户端/应用程序/浏览器中获取任何内容?
I am using Rails as my server of an iOS application. Currently, from the App, it launches an URL request for a web page from the server to get the data. My question is, how can I guarantee that only my App can access the server, one can't get anything from the clients/apps/browsers from my server?
我的服务器不使用 Rails,我使用 PHP.但我认为方法是一样的.为您的请求添加一种键.我总是将其作为 POST 值.在您的应用程序中对此密钥进行硬编码.在 PHP 中,我在服务器上的脚本第一行执行以下操作:
I don't use Rails for my Server, i use PHP. But I think the approach is the same. Add a sort of a key to your Request. I do it always as a POST value. Hardcode this key in your application. In PHP I do the following on my server in the first line of the scripts:
if ($_POST['secret'] != "YOUR_KEY") {
die('You are not allowed to use this Webservice.');
}
我使用字符串作为UKZ6b79MKHK"而不是 YOUR_KEY 等等......到目前为止它对我的东西有效.;-)我希望我的回答对你有所帮助,即使它不是 Rails.
Instead of YOUR_KEY I use strings as "UKZ6b79MKHK" and so on... So far it worked for my stuff. ;-) I hope my answer hepls you even if it's not Rails.
桑德罗·迈耶