What is the best way to create a mobile application that communicates with a Webserver?

Viewed 784 times

6

I’m developing a mobile app which should contain the same content as the website, and it is necessary that the same database (MySQL) used by the site is also used by the mobile application.

I believe creating a direct connection from the mobile app (Android) to the remote database would be a security breach, as anyone could open the APK and discover the connection data, so it would be necessary to create a web service exclusively for this data transfer. But in my view this would have the same defect: security, because anyone could access it and send or receive information.

What is your best technique for transferring data between a web service and a mobile application, given that this web service must be "closed" to external and unauthenticated access?

  • What is the language of the service code on the server?

  • PHP - Laravel 5.1

  • Look up Cordova PhoneGap; the learning curve is smaller and you can use JavaScript.

  • @Rboschini, I believe you have misunderstood. I am not asking how to develop a mobile application, but how to create a web service that provides secure and authenticated communication between the application and the database.

  • Sorry, buddy, I really got it wrong. But about consuming a web service safely, I would use the Digest method and have my WS respond in JSON. The server provides a token and you can consume the data while this token is valid, same as the Facebook API.

2 answers

3


Once you need to create a web service/API for mobile client access, your web service becomes public. And public web services will always be subject to unauthorized access, since your application must necessarily contain the information needed to access it.

However, there are techniques to make your access data less vulnerable. The most common is the use of ProGuard to obfuscate your code in case of reverse engineering. There is also SSL to prevent MITM and more advanced sniffers, and encryption such as HMAC authentication.

But none of it is 100% hacker proof.

  • But how do mobile apps such as Skype or Netflix work, which require direct communication with servers and databases? Is this connection opened in a way that anyone can access, or can only the application in question access it?

  • There is no communication with servers without an API or web services. But in case someone gets access, they won’t be able to do more than the methods that are set out in this API. This way your database (if any) is protected. Not to mention that companies like Skype and Netflix have a team of security engineers who monitor every access to their servers and are ready to block any suspicious access.
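The HMAC authentication mentioned in the answer above, combined with the server-issued token from the comments under the question, can look like the following. This is an added example, not code from any poster; it is written in Python for brevity rather than the asker's PHP, and the function names, the signed fields and the 300-second window are assumptions. The secret is issued per session after login instead of being shipped inside the APK.

```python
import hashlib
import hmac
import secrets
import time

MAX_SKEW = 300  # seconds a signed request stays acceptable (assumed policy)

# Constructed in-memory state; a real service would use its session store.
SESSIONS = {}     # key_id -> secret bytes issued after login
SEEN_NONCES = {}  # (key_id, nonce) -> timestamp; expire entries older than MAX_SKEW

def issue_session():
    """Server side: called after a successful username/password login over HTTPS."""
    key_id, secret = secrets.token_hex(8), secrets.token_bytes(32)
    SESSIONS[key_id] = secret
    return key_id, secret

def canonical(method, path, ts, nonce, body):
    """Byte string both sides sign; the body is bound through its SHA-256."""
    digest = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, str(ts), nonce, digest]).encode()

def sign(secret, method, path, body, ts=None, nonce=None):
    """Client side: build the authentication fields sent with one request."""
    ts = int(time.time()) if ts is None else ts
    nonce = nonce or secrets.token_hex(16)
    mac = hmac.new(secret, canonical(method, path, ts, nonce, body), hashlib.sha256)
    return {"ts": ts, "nonce": nonce, "sig": mac.hexdigest()}

def verify(key_id, method, path, body, auth, now=None):
    """Server side: return (ok, reason) for one incoming request."""
    now = int(time.time()) if now is None else now
    secret = SESSIONS.get(key_id)
    if secret is None:
        return False, "unknown key"
    if abs(now - auth["ts"]) > MAX_SKEW:
        return False, "stale timestamp"
    expected = hmac.new(secret, canonical(method, path, auth["ts"], auth["nonce"], body),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, auth["sig"]):  # constant-time comparison
        return False, "bad signature"
    # Nonce is recorded only after the signature checks out, so unsigned
    # traffic cannot fill the replay cache.
    if (key_id, auth["nonce"]) in SEEN_NONCES:
        return False, "replayed nonce"
    SEEN_NONCES[(key_id, auth["nonce"])] = auth["ts"]
    return True, "ok"
```

A captured request cannot be replayed or have its body altered without the per-session secret, and revoking a session is a matter of deleting its entry on the server.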

1

HTTPS (Hyper Text Transfer Protocol Secure) is an implementation of the HTTP protocol over an additional layer of security that uses the SSL/TLS protocol. This additional layer allows data to be transmitted over an encrypted connection and the authenticity of the server and client to be verified through digital certificates.

Source: Wikipedia