更新时间:2023-09-01 21:22:28
服务器和放大器;客户端code变化是
选项!
块引用>首先,你不能prevent它完全地(不采取法律行动:)。使用SSL / TLS,将与嗅探posibility帮助。
如果该应用程序从服务器直接下载(而不是通过一个应用程序商店/第三方)可以保护多一点。当用户下载应用,确保用户通过身份验证,生成一个密钥,包括在应用程序,并与该用户的所有进一步的沟通中使用它。黑客/贼可以模仿,但他们需要通过他们的服务器来模拟你的应用的登录和下载 - 你可以找到和阻止
I have a simple web-API accessible over HTTP with some corresponding mobile apps reading that data. Now someone decompiled an app / sniffed the HTTP traffic, got the url to my web API and built his own client acting like one of mine.
How can I secure the access to my API only for my own clients? Even with the thought of someone decompiling my app.
Server & client-side code change is an option!
Server & client-side code change is an option!
First, you can't prevent it completely (without legal action :). Use SSL/TLS, that will help with the sniffing posibility.
If the app is downloaded directly from your server (not through an app store/third party) you can secure it a bit more. When a user downloads the application make sure the user is authenticated, generate a key, include it in the application and use it in all further communication with that user. The hacker/thief can mimic that, but they'll need to go through their server to simulate a login and download of your application -- you can find and block that.