0
I have a PHP application used this commands:
ini_set("allow_url_fopen", true);
$json = file_get_contents('php://input');
Because data is sent by Android system.
What is sent to PHP is a JSON, after receiving I parse and validate the json information
I wonder if this is the best way to receive the data, what kind of security can I implement?
Yes, to receive the data in format JSON on your server this is the correct way to do it. Now, on security, what exactly you refer to?
– Paulo Rodrigues
@Paulorodrigues was reading about this "allow_url_fopen" and by I saw leaves the system open for invasion attempts.
– Weliton Figueiredo
Depending on the data, you can pass it encrypted by a hash, recommend the
bcrypt();– Samuel Carvalho
I develop on IOS, and the data that my app passes to the server, is encrypted on IOS, passed to server, and then the server encrypts them again.
– Samuel Carvalho