Reputation: 91
I want to build an app with Flutter. As a backend I want to use my own PHP backend, which sends me the data in JSON format. For authorization I want to use JWT. Now the question: when creating a user account, I send the email, password, name etc. from the Flutter application to the server, which validates the information. But if I can do that from my own app, can't anyone else create an account as well and spam my databases with unnecessary accounts, for example? Or is there another way to do that? Please let me know...
Upvotes: 0
Views: 468
Reputation: 1978
This is not just a Flutter problem. Suppose you have a web application and a form asking the user to register. Who is stopping people from flooding your databases using that form?
What you need is some sort of verification mechanism before a user submits the registration form. This will limit auto spamming of your database by bots. Other than that, you cannot stop people from signing out of their current account, creating a new account and logging in with that. Take WhatsApp as an example. A user can log out and create a new account with a new phone number. WhatsApp uses OTP as an authentication mechanism.
You can also write code for identifying inactive accounts and deleting them from the database. But this approach may also affect genuine accounts that are inactive over a period of time.
In your app, you can check for the device ID and restrict a user from sending more than a number of registration requests from a given device. But this again is not foolproof. There are workarounds to manipulate device IDs.
Upvotes: 1
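The two server-side controls described in the answer above (a verification step before an account is created, and a cap on registration requests per device), sketched for a PHP backend as an added example that is not part of the original answer. The class name, limits and in-memory arrays are assumptions; a real backend would keep this state in its database and deliver the code by e-mail or SMS.

```php
<?php
declare(strict_types=1);
// Added example; all names are hypothetical. Arrays stand in for database tables.
final class SignupGate
{
    private const MAX_PER_DEVICE = 3; // registration requests per device per window
    private const WINDOW = 3600;      // window length, seconds
    private const OTP_TTL = 600;      // one-time code lifetime, seconds
    private const MAX_TRIES = 5;      // wrong codes allowed before the request is dropped
    private array $attempts = [];     // deviceId => request timestamps
    private array $pending = [];      // email => hash, expires, tries
    public array $users = [];         // email => true, written only after verification

    // Returns the one-time code to deliver out of band, or null when the device is over the cap.
    public function request(string $deviceId, string $email, int $now): ?string
    {
        $recent = array_values(array_filter($this->attempts[$deviceId] ?? [],
            fn(int $t): bool => $t > $now - self::WINDOW));
        if (count($recent) >= self::MAX_PER_DEVICE) {
            return null;
        }
        $recent[] = $now;
        $this->attempts[$deviceId] = $recent;
        $otp = str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT);
        $this->pending[$email] = ['hash' => hash('sha256', $otp),
            'expires' => $now + self::OTP_TTL, 'tries' => 0];
        return $otp;
    }
    // The account is created only here, after the code has been confirmed.
    public function confirm(string $email, string $otp, int $now): bool
    {
        $p = $this->pending[$email] ?? null;
        if ($p === null || $now > $p['expires'] || $p['tries'] >= self::MAX_TRIES) {
            unset($this->pending[$email]);
            return false;
        }
        if (!hash_equals($p['hash'], hash('sha256', $otp))) {
            $this->pending[$email]['tries']++;
            return false;
        }
        unset($this->pending[$email]);
        $this->users[$email] = true;
        return true;
    }
}
$gate = new SignupGate();
$otp = $gate->request('device-A', 'a@example.test', 1700000000); // constructed inputs
var_dump($gate->confirm('a@example.test', 'wrong!', 1700000010), $gate->confirm('a@example.test', $otp, 1700000020));
for ($i = 0; $i < 3; $i++) { var_dump($gate->request('device-A', "spam$i@example.test", 1700000030) !== null); }
```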