Reputation: 8916
I am starting to have jitters about the way our software is being implemented. In particular, we seem to be passing the email and user name as URL parameters. I realize that for mainstream users that should be no problem, but people who steal stuff are not mainstream users. And while I understand that it's a difficult problem, I still want us to have something that would not be so obvious.
One thing that comes to mind is switching to POST requests and HTTPS. Sounds simple and widely used. We are using Google App Engine as our backend and it does support SSL according to this:
https://developers.google.com/appengine/docs/java/config/webxml#Secure_URLs
I realize that it doesn't really help much because there are still ways to overcome that but at least it's an obstacle.
What other options might I have? Or should I forget about this and just stick to the simplicity of URL parameters?
Upvotes: 0
Views: 66
Reputation: 179
Don't pass credentials or other sensitive information as URL parameters: any intermediary proxy will be able to capture the credentials. Using POST with SSL is the safe, standard way to do it.
Upvotes: 2
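As an added example (not from the question or the answer), this is what the web.xml secure-URL configuration linked in the question looks like when used to force HTTPS on the endpoint that receives the POSTed credentials; the `/login` path and the `com.example.LoginServlet` class are assumptions.

```xml
<?xml version="1.0" encoding="utf-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <!-- Assumed servlet: reads the email and user name from the POST body,
       never from the query string. -->
  <servlet>
    <servlet-name>login</servlet-name>
    <servlet-class>com.example.LoginServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>login</servlet-name>
    <url-pattern>/login</url-pattern>
  </servlet-mapping>

  <!-- Require HTTPS for every request to /login. With CONFIDENTIAL,
       App Engine redirects a plain-HTTP request to its https:// equivalent. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>login</web-resource-name>
      <url-pattern>/login</url-pattern>
      <!-- Deliberately no <http-method> element: listing only POST here
           would leave GET requests to the same URL without the constraint. -->
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>
```

The redirect only protects requests that arrive over HTTPS in the first place: a client that first sends the credentials over plain HTTP has already exposed them before being redirected, so the client should be pointed at the https:// URL directly.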