All geek questions in one place

Web Services Security

Hi, I have a question about security and web services.

I need a web service to provide an interface for the mySQL base database. I am trying to get a Blackberry application to store data in the mySQL database of web servers through a web service.

My question is: how can I guarantee that the bb application is the only one that uses the web service? The web service will significantly insert data into the table. I want to make sure that only the bb application is allowed to use this service, and not the one who finds out this service and starts sending my table.

Any pointers, recommendations or links are welcome.

And which web service is best suited for this scenario?

+3
source share
6 answers

I'm going to suggest that the BlackBerry app is also made by myself. How you can do this is to create a sequence or hash that can only be created by your application, which the web service can verify. For example, at the beginning of the process, or better for each step, the web service sends a key sequence that displays the internal dictionary in your application using the method to make a unique hash.

Then the flow will be as follows:

  • Performing a data task in BB application
  • Willingness to transfer data to a web service
  • Create a unique hash from the data + your own information from the associated dictionary
  • Transferring data using the key
  • - . , , , , .
  • .

: , WS.

. .

+1

SSL. / , SSL- , .

+1

net.rim.device.api.crypto.HMAC HMAC . SSL- Blackberry , BES ( , ).

+1

- REST HTTPS, . Blackberry, , HTTPS .

0

- SOAP, ws-security.

0

SSL . . , .

, , -, - . / .

, , . , (, ssl) , /. , , - 1 . , , .

. 15 40 - .

0

Source: https://habr.com/ru/post/1722875/

More articles:


All Articles