What's the best way to ensure privacy during c

2019-08-04 11:34发布

站内问答 / Android
1939 1 6

I've built a mobile app based on Cordova, for both iOS and Android, i need to make secure communication between app and server. Request to server, in javascript, are like this:

    request.open("GET", 'http://url/service?firstElement='+elem+'&secondElement='+elem2, false);

I've tried to use RSA encryption generating public and private key locally using pidCrypt libraries, the 2048bits key requires too long time to be generates, so i've used 512bits. The server is not be able to decrypt the message.

I'm looking for a better solution.

1条回答
做个烂人
2楼-- · 2019-08-04 11:56

Try Using Send Ajax Request, Like This. I assume that you use php for Dynamic code (Server Side).

Here is Sample of HTML file which presant on your cordova, phonegap directory.

    <form method = "post" action = "#!">
        <div class="col-md-4">
            <span class="help-block">Name</span><input type="text" name="username" class="form-control" />
        </div>
        <br>
        <div class="col-md-4">
            <span class="help-block">Password</span><input type="text" name="password" class="form-control" />
        </div>
        <input type = "submit" value = "Save" class = "btn btn-success right" onClick="UpdateRecord();"/>
    </form>

    <script>
    function UpdateRecord()
      {
          var name = $("[name='username']").val();
          var host = $("[name='password']").val();
          jQuery.ajax({
           type: "POST",
           url: "php/login.php",
           /* Or */
           /*url: "https://www.yoursite.com/page",*/
           data: "username="+ username+"& password="+ password,
           dataType: "html",
           cache: false,
           success: function(response){
                if(response == 'true') {
                    $.session.set("myVar", username);
                    window.location.href='profile.html';
                }
                else {
                    $("#errorMessage").html("Invalid Entry, Please Try Again");
                }   
            }
         });
     }
    </script>

And PHP File for Handle Query.

Please Not that code is not tested and it may change as per your need. You can perform any encryption method and use any function here.

    <?php
        include 'config.php';
        $username = mysql_real_escape_string($_POST['username']);
        $password = mysql_real_escape_string($_POST['password']);

        if(!empty($username) && !empty($password))
        {
                //$result = mysql_query("SELECT * FROM ".$db.".users WHERE username='$username' and  password ='$password'");
                $result=mysql_query("select * from ".$db.".users WHERE email = '$username' ");
                while($data = mysql_fetch_row($result))
                {
                    $original_password = $data[3];
                    $salt = $data[4];
                    $hashedPass = sha1($salt.$password);
                    $fullusername = $data[16]." ".$data[17]; // Used Only for create full name session
                    if ($original_password == $hashedPass)
                    {
                        $_SESSION['username'] = $fullusername;
                        $_SESSION['useremail'] = $username;
                        $_SESSION['UserID'] = $data[0];
                        echo 'true';
                    }
                }

            }
    ?>

Edit

request.open("GET", 'http://url/service?firstElement='+elem+'&secondElement='+elem2, false);

Avoid to use GET method while sending sensitive data.

Edit, Helpful Link

Local storage protection in phonegap application

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(6)