HTTP PHP Authentication and Android

Posted by edc598 on Programmers See other posts from Programmers or by edc598
Published on 2012-06-04T21:24:40Z Indexed on 2012/06/04 22:46 UTC
Read the original article Hit count: 193

Filed under:
|
|
|
|

I am working on a website for which I hope to have an application for as well. Because of this, I am creating PHP API's which will go into my Database and serve specific data based on the method/function called.

I want to protect these API's from misuse however, and I plan on implementing Authentication Digest to do so. However one of the OS's I want to support is Android. And I know that a malicious user would be able to reverse engineer the Android app and figure out my authentication scheme.

I am left wondering:

1. Is there a better way to protect these API's from misuse?
2. Is there a way to prevent a malicious user from reverse engineering the app and potentially seeing the source code for it, enabling them to see my authentication scheme?
3. If none of these are preventable, then is my only option to have a Username/Password cred specifically for the Android app, and when eventually hacked, change the creds and issue an update for the app?

I apologize if this is not the place to post such a question. Still pretty new to StackOverflow. Thanks in advance for any insight, it would be quite helpful.

© Programmers or respective owner

Related posts about php

Related posts about android