ASP.NET webservice API security.
Posted
by Tejaswi Yerukalapudi
on Stack Overflow
See other posts from Stack Overflow
or by Tejaswi Yerukalapudi
Published on 2010-05-17T01:59:31Z
Indexed on
2010/05/17
3:30 UTC
Read the original article
Hit count: 359
Hi,
I have an iPhone app accessing an ASP.NET Webservice for data. Since I'm building both the ASP.NET end and the iPhone part of the app, and we'll shortly be publishing it in the Appstore, I'd like to know what security checks I need to make.
The basic flow of the program (without divulging too much info about it) is as follows -
. Login (Enter Username, pass on the app)
. Primary screen where the data is loaded from a webservice and presented
. And post data back after a few updates by the user
I'm using POST to send the data to the Webservice via HTTPS. I'm sanitizing the inputs, checking for length of the inputs, but that's the limit of my knowledge as far as security goes. Any other tips are greatly appreciated!
Edit: I should probably add that our service needs to be subscribed to separately and the iPhone component of it cannot be used alone. So the average user will not have login credentials. And the app itself has healthcare data in it, so I'd rather not have anyone trying attacks from my login page.
Thanks,
Teja.
© Stack Overflow or respective owner