Sawyer05

Reputation: 1604

iOS app logging in via MySQLi

I'm creating an app wherein the user can access a database using PHP and MySQLi.

For creating the account I create a URL string with the parameters appended on the end, which is then read using $_GET in my signup.php file and added to the database (I'll be adding things like email activation later).

Two questions:

  1. Is there a problem using $_GET in this fashion? Since I'm appending the email and password to the URL string, I feel it's not secure, but since it's inside the app I'm not as sure.

  2. How should I handle the login? The way I was thinking was to use the $_GET method again and use this information in a query to check for matching results, then return a message which the app would pick up to log the user in.

Upvotes: 0

Views: 118

Answers (1)

Abhi Beckert

Reputation: 33369

  1. Is there a problem using $_GET in this fashion? Since I'm appending the email and password to the URL string, I feel it's not secure, but since it's inside the app I'm not as sure.

You're right. It's not secure. Anybody on the same wifi network as the device can see the password.

How should I handle the login?

Buy an SSL certificate for the server and use https. This will make what you're doing secure.

There are no other alternatives; SSL is the way to go.

Upvotes: 1
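
As an added example (not part of the question or the answer above), here is one way the login endpoint from the question could look on the server once HTTPS is in place: credentials arrive in a POST body, the lookup uses a MySQLi prepared statement, and the password is checked against a stored hash. The file name, the `users` table and its columns, and the environment variable names are assumptions.

```php
<?php
// login.php: added example, not code from the question or the answer.
// Assumptions (hypothetical): table `users` with columns `id`, `email`,
// `password_hash` (written at signup with password_hash()); DB settings in
// environment variables; TLS terminates at the web server running PHP.

header('Content-Type: application/json');

function respond(int $status, array $body): void
{
    http_response_code($status);
    echo json_encode($body);
    exit;
}

// Refuse plain HTTP: the request would be readable on the local network.
if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') {
    respond(403, ['error' => 'https_required']);
}
// Accept credentials only in a POST body, never in the query string
// (URLs are commonly written to web server access logs).
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    respond(405, ['error' => 'post_required']);
}

$email    = $_POST['email'] ?? '';
$password = $_POST['password'] ?? '';
if (!is_string($email) || !is_string($password) || $email === '' || $password === '') {
    respond(400, ['error' => 'missing_fields']);
}

// Make MySQLi throw on errors instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli(getenv('DB_HOST'), getenv('DB_USER'), getenv('DB_PASS'), getenv('DB_NAME'));

// Prepared statement: the e-mail is bound as data, not spliced into the SQL.
$stmt = $db->prepare('SELECT id, password_hash FROM users WHERE email = ?');
$stmt->bind_param('s', $email);
$stmt->execute();
$stmt->bind_result($id, $hash);
$found = $stmt->fetch();   // true when a row was read, null when none matched
$stmt->close();

// Same response for an unknown e-mail and a wrong password.
if ($found !== true || !password_verify($password, $hash)) {
    respond(401, ['error' => 'invalid_credentials']);
}
respond(200, ['ok' => true, 'user_id' => $id]);
```

The app would send `email` and `password` as form fields in an HTTPS POST and read the JSON status to decide whether the user is logged in.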
