问题
I have some PHP pages that receive POST requests and make CRUD operations in my MySQL database...
I would like to know if there is a way to allow only my Android application to do those requests in my pages...
As my application requires Google Login (which Google IDs are already registered in my database), I was thinking in check if client's Google ID exists on database via PHP script, but it could be faked, right?
Is there any other way to allow only my Android App to make CRUD in my database? Maybe using another language beside PHP
Thanks in advance
回答1:
I would like to know if there is a way to allow only my Android application to do those requests in my pages...
This is an impossible request.
You cannot guarantee that end users are using your application to send data to your server over a public network (i.e. the Internet). Full stop, not gonna happen.
What you should do instead is ensure your server-side code is written to where, regardless of what data is hurled at it, your server doesn't get hacked.
回答2:
I would store a secret key in your app and send that along with the request to log the user in. This secret key would be stored on the server and compared at login. If the key matches and user is authenticated then log user in.
来源:https://stackoverflow.com/questions/43823349/allow-only-php-request-from-android-app