securing a webservice for use from a custom iphone app only
Posted
by mme
on Stack Overflow
See other posts from Stack Overflow
or by mme
Published on 2010-04-23T23:34:01Z
Indexed on
2010/04/23
23:43 UTC
Read the original article
Hit count: 159
I want to create an iphone application which consists of two parts: The app itself and a server side component.
On a users request, the app sends data to the server which is to be handled by human operators.
To prevent abuse from an iphone app user, the id of the iphone is sent along with the request, and the operators can blacklist pranksters to deny their iphone access to the service.
So far so good. Now the problem is: Someone could easily discover the address of the serverside component, and write a script to send bogus requests, using multiple IP addresses etc.
So my question is: how can I defend myself against this?
Captchas to protect against scripted attacks or requiring the user to register himself are not an option for this particular application.
If I had control of the download, I would associate a unique ID with each downloaded app, but obviously this is not an option with the appstore.
What would be your approach to make the server side part more secure?
© Stack Overflow or respective owner