在PHP代码或iOS应用程序代码中存储密码的位置?
Not sure if this is totally code related, but at the least, it's somehow programming/security related.
I have an iPhone mobile app, which sends/retrieves info to/back from my server, which uses PHP to query database. The database needs username and password, unsurprisingly. My question is that I should put the credential in my PHP code or in my iOS app code. If put into PHP page, good thing is that it's on the server, nobody can view the PHP code and gets password, but anyone knows the PHP page can play with it and therefore mess up my db. If put into app code (pass the password to PHP via parameter), good thing is that the PHP page won't function unless password is passed via parameter, but there are couple of disadvantages, I think: password in URL is not safe and password in iOS app in a jail-brake device is not safe either.
One I know a little bit but don't have much know-how is to hash my password in iOS app code, and before passing it to PHP.
不确定这是否与代码完全相关,但至少,它与编程/安全性有关。 p >
我有一个iPhone移动应用程序,它从我的服务器发送/检索信息,使用PHP查询数据库。 毫不奇怪,数据库需要用户名和密码。 我的问题是我应该将凭证放在我的PHP代码或我的iOS应用程序代码中。 如果放入PHP页面,好的是它在服务器上,没有人可以查看PHP代码并获取密码,但是任何人都知道 PHP页面可以使用它,因此搞砸了我的数据库。 如果放入应用程序代码(通过参数将密码传递给PHP),好的是除非通过参数传递密码,否则PHP页面将无法运行,但有 我认为有几个缺点:URL中的密码不安全,并且在监控制动设备的iOS应用程序中的密码也不安全。 p>
我知道一点但是不知道 有很多专业知识可以在iOS应用程序代码中哈希我的密码,然后再将其传递给PHP。 p> div>
There's lots of ways to do this, I've recently done an app similarly myself. First off, the credentials should definitely live on the server. What you should do is use some sort of hash. The iOS app generates a hash based on several things, a bad example would be
md5('supersecretkey' . 'asd123')
The first key is in the PHP code and iOS code, the second is randomly generated. So the app calls the script like this:
script.php?hash=1a79a4d60de6718e8e5b326e338ae533&key=asd123
The script does the function above with the key and the secret key, it now knows that it must have been the iOS app that generated it.
This is a really simple example of one way of thinking about it, in reality someone could still just decompile the iOS app and get the string, it depends how much you think people are going to try and reverse engineer whatever it is you are writing.
Do you want to release an update to your iOS app just because you have a need to change the username or password for your database? Not every one will update.
Your iOS app shouldn't even know there is a database involved behind the website.
Definitely put the database password on the server.
but anyone knows the PHP page can play with it and therefore mess up my db. ... password in URL is not safe and password in iOS app in a jail-brake device is not safe either.
Neither one of these should be considered an acceptable solution as you are relying on all of your users to be well behaved in both cases. You absolutely should not trust your users with your database credentials by including them in your clients. Additionally you should not trust your users to provide only well formed and valid input which will not "mess up" your database.
You should be enforcing authorization and validity checks on any request from a client to verify that the requesting user is authorized to make that request or change and that any change they are making appears reasonable. Regardless of where credentials are stored you should not honor requests to drop the database, overwrite your high scores list, fetch data belonging to other users, make moves as other players, or whatever else a client can ask for unless those are actually permitted actions in the system you are building.