user2587774

Reputation: 127

Allowing only a particular protocol to view webpage

I was developing an Android application and I was wondering if there is any way to prevent or make it harder for users to view a particular web page.

E.g. my application goes to mysite.com/info.php, this info.php displays the URL and data of the location of my videos.

I wish to prevent users from obtaining this URL and getting the videos other than by the Android application. Is there any way to do this?

I've thought of using a .htaccess file and a user/pass but realized that it would be possible for someone to sniff the user and pass from outgoing connections.

I wonder if anyone has the solution for this?

Upvotes: 1

Views: 98

Answers (2)

edtech

Reputation: 1754

You can try to keep tokens with a limited validity time and add a hash of the token concatenated with a "secret" key to each query from your Android application to your site.

For example, you can create a small script on the server which will generate tokens with limited validity time:

gettoken.php:

 <?php
 // Token changes once per hour (format YYYYMMDDHH, server time zone)
 $token = date("YmdH");

 echo $token;
 ?>

Then, to make a query to your site, your Android application should get this token and make a hash from the token concatenated with the "secret" string.

If you could use PHP for this, it could look like this:

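 <?php
 // Fetch the current hourly token from the server
 $token = file_get_contents("http://yoursite/gettoken.php");
 $secret = "secretkey";
 // Hash of the token concatenated with the shared secret
 $hash = md5($token.$secret);

 // Send the hash as a query-string parameter
 $content = file_get_contents("http://yoursite/?hash=".$hash);

 // $content now contains a page of your site
 ?>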

And your site should check the hash this way:

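 <?php
 // Reject requests with no hash, or with a non-string value (e.g. hash[]=x)
 if(!isset($_REQUEST['hash']) || !is_string($_REQUEST['hash']))
   die();

 $token = date("YmdH");
 $hash = $_REQUEST['hash'];
 $secret = "secretkey";

 // hash_equals() compares strictly; != would treat numeric-looking
 // strings such as "0e123" and "0e456" as equal numbers
 if(!hash_equals(md5($token.$secret), $hash))
   die();

 /// .... your content here

 ?>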

In this example, the token changes each hour, so if someone sniffs the hash, it will be valid for no more than one hour.

Upvotes: 0
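
An added example, not part of edtech's answer: a server-side check for the hourly-token scheme above that uses HMAC-SHA256 with `hash_equals()` and also accepts the previous hour's token, so a request that crosses the hour boundary is not rejected. The constant `SECRET`, the function names and the sample timestamps are assumptions made for illustration.

```php
<?php
// Added example: hardened variant of the hourly-token check from the answer.
// SECRET and all function names are hypothetical; the answer used md5($token.$secret).
const SECRET = 'replace-with-random-secret'; // placeholder value

// Token for the hour containing $ts, same "YmdH" format as gettoken.php (UTC here).
function hour_token(int $ts): string
{
    return gmdate('YmdH', $ts);
}

// Keyed hash the app would send as ?hash=...; HMAC-SHA256 replaces md5(token.secret).
function sign_token(string $token, string $secret): string
{
    return hash_hmac('sha256', $token, $secret);
}

// Accept the current hour and the previous one, so a token fetched at 12:59:59
// still validates at 13:00:01. Trade-off: a captured hash is usable for up to
// two hours instead of one. Each candidate is compared in constant time.
function is_valid_hash($hash, string $secret, int $now): bool
{
    if (!is_string($hash) || strlen($hash) !== 64) {
        return false; // arrays (?hash[]=x) and wrong-length input never match
    }
    $ok = false;
    foreach ([$now, $now - 3600] as $ts) {
        if (hash_equals(sign_token(hour_token($ts), $secret), $hash)) {
            $ok = true;
        }
    }
    return $ok;
}

// Constructed sample timestamps (UTC) that exercise the hour boundary.
$issued = gmmktime(12, 59, 59, 3, 1, 2024);
$hash   = sign_token(hour_token($issued), SECRET);

var_dump(is_valid_hash($hash, SECRET, $issued + 2));        // request lands in the next hour
var_dump(is_valid_hash($hash, SECRET, $issued + 2 * 3600)); // request two hours later
var_dump(is_valid_hash(['x'], SECRET, $issued));            // array passed instead of a string
var_dump(is_valid_hash(md5('2024030112' . SECRET), SECRET, $issued)); // old md5-style hash
```

Because the secret ships inside the app, this scheme makes reuse of a captured URL harder rather than impossible.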

Jim

Reputation: 10278

If you're loading web pages in an app (and not from a browser) then extend WebView like this:

Android Webview loading other URLs

in the "shouldOverrideUrlLoading" method you can filter whatever you like - based on server, directories, pages, etc.

.htaccess mods require rooted access or Android mods (like cyanogenmod). Also, you can customize the web experience in the webview. Here are the basics:

Customizing Android Webview class

Upvotes: 1
