What is the best practice to post data to a server, currently my database is a PostgreSql.
I would be posting to a REST Api and I want to be safe, to post I was going to use a token to verify that they are from the app but then if someone decompiles the app they will see the verification token and could then post to the API
String token = esR3bJM9bPLJoLgTesR3bJM9bPLJoLgT;
String apiUserLikes = current_server_address + "/api/user-likes/?token=$token";
final response = await http.post(
Uri.parse(apiUserLikes?token=$token),
headers: <String, String>{
'Content-Type': 'application/json; charset=UTF-8',
},
body: jsonEncode(<String, String>{
'userID': '1234567969855478',
'UserDisplayName': 'John Jones',
'liked': 'true',
'dateLiked': '2022/12/05 00:00:00',
'eventLiked': 'Music concert at The stadium',
}),
);
What is the best way to protect users details and still post to the server
Thanks
2条答案
按热度按时间58wvjzkj1#
你永远无法验证用户是否来自应用程序,因为他可以只通过命令行发送相同的请求。即使有身份验证,也无法确认。唯一安全的方法是验证发送的数据,并添加防止滥用的限制,如IP/用户每分钟可以发送多少次数据或可以发送/下载多少数据。
hjzp0vay2#
除了使用静态令牌,您还可以使用OAuth2兼容的安全机制,在该机制中,令牌过期并生成/发布新的刷新令牌。您可以使用firebase Auth或类似的方法使您的应用程序符合OAuth。对于firebase Auth,您可以查看以下链接:https://firebase.google.com/docs/auth/