3
I’m having second thoughts about security. When I want to add date or receive, I make an HTTP POST or GET request to my server, which returns the JSON response. Assuming it is an application that displays movie lists (returned by the JSON format server). How to hide this request from the user? Because if you use some traffic monitoring program, it will see for example:
HTTP://SERVER.COM/GetFilmes.php
By monitoring other applications, I realize they make a request only for the server and not for pages. (as above)
How best to prevent such data from becoming readily available to malicious people?
Suppose I have an HTTP GET that returns if the login and password of the user are correct (by the application), but a malicious user gets the link of the page on the server that does the authentication, and starts sending data to this page, outside the application. How could I authenticate this without the user knowing which page in the backend is done ? ,for example(http://server.com/checkdados.php)
– saidmrn
I have as an example Ifood,when opening,it returns a list of restaurants.But monitoring data traffic,I do not find a request that I would use in my app as : (ifood.com/webservice/getrestaurantes.php), but one pointing to their server,but no directory, so it’s harder to figure out where the data is coming from.
– saidmrn
Requisition for wsloja.ifood.com.br:443 only.
– saidmrn
So if I use HTTPS and encrypt my application, the user won’t know in which directory the request is being made ? will only know the correct server ?
– saidmrn
I think that’s it too, I’ll activate SSL on my domain and test it.Thanks for the help !
– saidmrn