I have a edittext wihch users can write something and post my server. I want to know how can I control the text include javascript , jquery or something else which has bad behavior ?
should I solve this android side or webservice side ? I use mvc 4.5 (I mean should I solve this c# side?)
thanks in advance
I think you should move it to the server side.
Why ? Because if someone want to do bad things with your backend, he can easily do it directly with his computer thus bypassing your android side content purification.
He just have to launch Wireshark on his PC (or use a proxy to do MITM if you use HTTPS or SSL), listen the conversation your Android app and your server are having and then use that information to build an attack with his computer.
A lot of APIs are not securised enough because people are still thinking that people can't access it outside the apps, it's wrong, they can.
Related
I want to accomplish this:
https://developers.google.com/games/services/web/serverlogin
with Java instead of javascript. I know the APIs exist for Java, as I already have a desktop application and an Android application that are able to login properly to Google, using Java APIs. Now I just need to figure out how to follow the process described above with regular Java.
This line is particularly annoying:
"If the auth object in my google-signin-callback already has an access token, can I send that to the server instead of performing this additional code-exchange step?
A: No. You should avoid sending access tokens to your server if at all possible. The "exchange a single-use code for an access token" strategy is much more secure and we highly recommend using that approach in your applications."
I have seen things that seem to contradict in several places, including on Google's guides. This seems like it would be the easiest way given what I have working, but I'd do it properly if I could figure out how in Java. I want to be able to access Google Play Games Services on the client side as well as the server side.
1) How do I get a single use token on the client side? (on android and desktop)
2) How do I exchange it on the server side?
Thanks
I've been looking around all morning, and can't seem to figure this one out. I know it's not as complicated as I think it is, and all I need is just some pointers to the right direction.
I have an Android application that takes some user input, sends it to a Java application over the web, and then receives some output based on the input.
My Android and Java applications are ready, but how do I go about sending and receiving the data over the web? I understand that I'll be sending and receiving HTTP requests, but my problem is where I'll be sending them and receiving them from. Do I host my Java application on a Servlet like Tomcat, or do I use something like OpenShift to host my application for me?
I have no trouble with sending some HTTP request from my Android application to the web and receiving some output back, but my problem is that my web service needs to use a Java library to process the input and generate the output. I'm just not sure how I'm supposed to get this data to and from this Java library that needs to be hosted on the web.
I hope my question makes any sense.
EDIT: Perhaps I wasn't clear with what exactly I need help with. I do realize that the architecture I use doesn't really make any difference, but the problem I have is with how I'm supposed to use this architecture.
Let's say I have a registered domain name that I can easily send to and receive data from using my Android application - no trouble with that. But how am I supposed to integrate my Java library with this server? Do I just create an applet and put it on my server? Does my web host even allow Java applets to run?
I guess my question is how I'm supposed to get through the "barrier" between my HTTP request / transport layer protocol and my Java application.
Server architecture usually does not matter. You can use Java, NodeJs, Rails, Python, .NET, etc. You just need an endpoint that accepts a HTTP POST/PUT/GET/DELETE/PATCH verb.
This is more a question of "how do I set up a server to accept input" and its a very large topic in itself. I would advise you look at PAAS solutions like:
Parse.com
Kinvey.com
You can use their tools to build a solution fairly quickly. If you need something custom you'll need to build your backend in the language of choice and host it online via AWS, Google Cloud, Heroku, a VPS or something similar.
I am very new to writing apps so please bear with me :)
I am writing an Android app that communicates with my server to send GET request and get some data from the server and show it to client (android app user).
API URL:
http://myserver.com/get.php
GET data/variables
api: my api key
extra GET variables
It'd be like:
http://myserver.com/get.php?api=XXXXXXXXXXXXXXXXXXX&extra=something&fields=here
So can an attacker see the API key by decoding the app with tools like apktool, smali etc? If yes then how can I secure it?
Note : the answer you are going to read are based on my experience and my research, feel free to comment if my information is wrong. Im not a network architect, but i have some experiences building web services, and did hours of research (because just like you, i dont understand about security at first). I hope this will help you.
Use POST, its safer than GET if you use REST.
Use HTTPS (i know its a little bit more expensive)
Use SOAP, instead of REST if you really need good security (ex : Banking Apps).
Use Dexguard/Proguard so your apps will be hard to reverse engineered.
Hello i've been coding an app (client/server) over my LAN in Visual Studio 2012 using this http://www.codeproject.com/Articles/155282/A-Complete-TCP-Server-Client-Communication-and-RMI#ScsServerside as the base for my communication between the client and the server.
Now i started looking over on android development and eclipse and i was wondering if there was something similar to this framework on java? if not maybe someone could point me out on a way of calling methods over LAN and if possible without using the hole webservice on tomcat thing :p i cant really understand how that is working and since i intend to sell the app i dont know what implications using those components brings.. Whereas this framework i was working on didn't need anything.. it simply runs the application (server) with a service on the ipaddress of the machine on a open port ant that it.. Any help would be gratefull!
Adding some more information to your question would be useful. For example: which kind of call are you accepting on your server? Or, in other terms, what protocol are you using? Just plain old HTTP? RESTful HTTP? FTP? SSH? What?
Anyway, most likely you do not need any third-party framework to create your own Android client. Android and Java already supply you with a HTTP library and a HTTP client that can be used to communicate with a HTTP server. Just browse the docu.
If you have to use a different protocol, most likely you can find a Java client/library that you can use in your project. Java has the largest library of ready-to-use components so it is usually quite easy to find something that can solve your problem.
I developed a chat application using java.But now my challenge is build a chat app in web application.I dont how to proceed.Can we use sockets as done in java.
Please give me a suggestion to get through this.
Thanks in Advance.
I recommend you to use websockets as they're really efficient to exchange in real time (push instead of pull) data between a server and html clients. They're bidirectionnal and roughly equivalent to the sockets you're used to (hence their name). Client-side, they use the same callback based logic than ajax clients but that doesn't mean they're not fast.
Here's a tutorial : http://java.dzone.com/articles/creating-websocket-chat
Googling "java chat websocket" would give you other results.