Re: iOS Game - how to secure server side resurces

[Hai Lang <hailang () me com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

You could get each device's unique identifier and append it in the
request, make your api so that they only response to requests that have
valid UUID, or even implement an access control list according to your need.

http://oleb.net/blog/2011/09/how-to-replace-the-udid/
https://developer.apple.com/library/ios/#documentation/CoreFoundation/Reference/CFUUIDRef/Reference/reference.html

Best Regards,
Hai Lang

On 11/8/12 1:23 AM, naveen0403 () yahoo com wrote:
> Hi
> I recently joined a company which is developing a game/app for iOS.
Game needs some intensive server side processing. Also, they want the
game to be popular as soon as possible so there are no security
requirements to sign up or set up a user account(userid/pwd). They just
want user to download and start playing.
> How do you secure server resources(say REST services) in this
environment? Every approach i think of, has a security flaw, because
fundamentally anything you store on client side(hardcode in code or
config files, encryption keys etc) to communicate with server side
resources, it can be retrieved.
> May be I am missing something fundamental. Any help is appreciated.
> Thanks
> Naveen
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an
SSL certificate. We look at how SSL works, how it benefits your company
and how your customers can tell if a site is secure. You will find out
how to test, purchase, install and use a thawte Digital Certificate on
your Apache web server. Throughout, best practices for set-up are
highlighted to help you ensure efficient ongoing management of your
encryption keys and digital certificates.
>
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (Darwin)

iQIcBAEBAgAGBQJQnKOEAAoJENJSpeLYv3pPWTEP/RTMW7izjWt4+kiUVm3IGVz0
1bzbVUPlm0CaGfRbCI0NEiUJkgHikD7J4d03CLnNNSRr3/cAhNuj0OdcJooIrkRn
/b5YOKCdMYrevXJTHeswFfLwpIuj1qNldmJPU4RHpYy/oVovo3INhDv4ze8SP/hB
CVe67Ck7GpyxKsHwvQ/zOlrGddgGQwEoOsrpHQhCnSrUZFmyKFSfDjNpWt48JF0S
9IPCG5N0D4rngwhCfUe9dvYAsUk+48i0IyVZEv/TvWbTb6V1J37K5m1080e2ZKex
eoB/6hXle12paPoGAKm3ABMat//TO0oWIku9xHe4vQMfGYSC0ghLYqoCSxbkDq12
GyMnKzQfJ5/fZgfNJSVTiPGUY6UxcIszjnH3XyZj3BKief+EooDxP5qm0QB4lHNj
FjAgSiNpvU/hiKVXODoWOxfEVbc1CUbAVUZwfEfxLM8SX3xSxoRnMI4pOBLynhBz
vizNdt6HnAKtMoLdnj5XQ9Z8vCrxglOKVt6lzyW0ePot321Oytw3rIEXa5hpP1u0
JoxM5Pha7wb6vmSh2nY2IBiWWE+QX2yONASX28WNug8oDLqZEuQur0OkLwhOMVHS
GdkDQToJYhgYUpNybWpt7WLoK2PfSjvFRcrF07+vkg7jXbX1eB9sJiszrwpghDP1
QpyF1HEVg/mRGHa+cy+2
=GwPJ
-----END PGP SIGNATURE-----


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------