On 5/18/2011 3:27 AM, G S wrote:
I'm probably being obtuse here, but I don't see how encrypting your
request with a public key would help you with your original problem.
What stops a rogue app from doing the same encryption?
They can't see what the parameters are. So what are
Or is that an attacker wouldn't be able to figure out how to format the
parameters?
Bingo. Nor will he know valid values for those parameters.
If someone goes to the trouble to run the app in an environment where he can
scrutinize memory contents, then he can figure all this out. But that's
On Tue, May 17, 2011 at 2:52 PM, G S stokest...@gmail.com wrote:
Hi all.
I have an iPhone app that retrieves database info by issuing HTTP GETs to
PHP pages on a server. All I want to do is encrypt the parameters sent in
the URL, to prevent people from spoofing our app and abusing our
I'm probably being obtuse here, but I don't see how encrypting your
request with a public key would help you with your original problem.
What stops a rogue app from doing the same encryption?
They can't see what the parameters are. So what are they going to encrypt?
Agreed they can't see the original parameters, but can't they replay the
same encrypted data and make the server believe that the request came from a
genuine client? If the server, through some mechanism, is able to validate
that the client possesses the original Key and IV before sending the XML
Hi all.
I have an iPhone app that retrieves database info by issuing HTTP GETs to
PHP pages on a server. All I want to do is encrypt the parameters sent in
the URL, to prevent people from spoofing our app and abusing our database
(most likely with spam). I've seen people ask this question in
On Tue, May 17, 2011 at 02:22:46AM -0700, G S wrote:
1. Generate a random key and initialization vector to encrypt the block of
text.
2. Encrypt that random key with the RSA public key.
3. Encrypt the data payload with the random key and IV, using Blowfish or
other encryption.
4. Send the
