Security Basics mailing list archives
Re: iOS Game - how to secure server side resurces
From: Hai Lang <hailang () me com>
Date: Fri, 09 Nov 2012 14:32:36 +0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 You could get each device's unique identifier and append it in the request, make your api so that they only response to requests that have valid UUID, or even implement an access control list according to your need. http://oleb.net/blog/2011/09/how-to-replace-the-udid/ https://developer.apple.com/library/ios/#documentation/CoreFoundation/Reference/CFUUIDRef/Reference/reference.html Best Regards, Hai Lang On 11/8/12 1:23 AM, naveen0403 () yahoo com wrote:
Hi I recently joined a company which is developing a game/app for iOS.
Game needs some intensive server side processing. Also, they want the game to be popular as soon as possible so there are no security requirements to sign up or set up a user account(userid/pwd). They just want user to download and start playing.
How do you secure server resources(say REST services) in this
environment? Every approach i think of, has a security flaw, because fundamentally anything you store on client side(hardcode in code or config files, encryption keys etc) to communicate with server side resources, it can be retrieved.
May be I am missing something fundamental. Any help is appreciated. Thanks Naveen ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an
SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (Darwin) iQIcBAEBAgAGBQJQnKOEAAoJENJSpeLYv3pPWTEP/RTMW7izjWt4+kiUVm3IGVz0 1bzbVUPlm0CaGfRbCI0NEiUJkgHikD7J4d03CLnNNSRr3/cAhNuj0OdcJooIrkRn /b5YOKCdMYrevXJTHeswFfLwpIuj1qNldmJPU4RHpYy/oVovo3INhDv4ze8SP/hB CVe67Ck7GpyxKsHwvQ/zOlrGddgGQwEoOsrpHQhCnSrUZFmyKFSfDjNpWt48JF0S 9IPCG5N0D4rngwhCfUe9dvYAsUk+48i0IyVZEv/TvWbTb6V1J37K5m1080e2ZKex eoB/6hXle12paPoGAKm3ABMat//TO0oWIku9xHe4vQMfGYSC0ghLYqoCSxbkDq12 GyMnKzQfJ5/fZgfNJSVTiPGUY6UxcIszjnH3XyZj3BKief+EooDxP5qm0QB4lHNj FjAgSiNpvU/hiKVXODoWOxfEVbc1CUbAVUZwfEfxLM8SX3xSxoRnMI4pOBLynhBz vizNdt6HnAKtMoLdnj5XQ9Z8vCrxglOKVt6lzyW0ePot321Oytw3rIEXa5hpP1u0 JoxM5Pha7wb6vmSh2nY2IBiWWE+QX2yONASX28WNug8oDLqZEuQur0OkLwhOMVHS GdkDQToJYhgYUpNybWpt7WLoK2PfSjvFRcrF07+vkg7jXbX1eB9sJiszrwpghDP1 QpyF1HEVg/mRGHa+cy+2 =GwPJ -----END PGP SIGNATURE----- ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- iOS Game - how to secure server side resurces naveen0403 (Nov 08)
- Re: iOS Game - how to secure server side resurces Hai Lang (Nov 08)
- RE: iOS Game - how to secure server side resurces Costas Ioannou (Nov 09)