Question

I've written an app which connects over PHP to MySQL. The MySQL passwords are stored in the PHP file. But I have to save the URL in a String like http://www.abc.com/create_user.php, and if someone decompiles the app, he can see the URL and manually create accounts. (I use the POST method in PHP.)


Solution

It's very difficult to prevent people from seeing what URL backend you are using. I would argue that it is impossible. If they can't decompile the APP, they still could use a PROXY to inspect traffic from the Android APP to your server.

I would put some stuff to make it more difficult though.

Off the top of my head, you could:

  1. Use a CLIENT_SECRET: a compiled string in the Android APP that your server needs to validate in order to allow the account creation.
  2. Use HTTPS (it will make it more difficult to use a PROXY to inspect HTTP traffic).
  3. An alternate way of doing (1) is using the CLIENT_SECRET to locally encrypt the payload you are using to create the user.
  4. Check for a specific USER_AGENT on the HTTP REQUEST.
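Added example (not the asker's or the answerer's code) of the server side of points (1) and (3): instead of sending the CLIENT_SECRET itself, the app sends an HMAC over the POST body and a timestamp, so a proxy capture does not expose the secret and an old request cannot simply be replayed. The header names, the constants and the 300-second skew window are assumptions; as the answer says, the secret still ships inside the APK, so this raises the bar rather than closing the hole.

```php
<?php
declare(strict_types=1);

const CLIENT_SECRET    = 'REPLACE-WITH-LONG-RANDOM-SECRET'; // placeholder value
const MAX_SKEW_SECONDS = 300;                              // assumed window

/**
 * Verify that $body was signed with CLIENT_SECRET and that the request is
 * recent. $headers carries the (assumed) X-App-Timestamp and X-App-Signature
 * values sent by the Android app; $now is the server clock (unix seconds).
 */
function verify_client_signature(string $body, array $headers, int $now): bool
{
    $ts  = $headers['X-App-Timestamp'] ?? '';
    $sig = $headers['X-App-Signature'] ?? '';
    if ($ts === '' || $sig === '' || !ctype_digit($ts)) {
        return false;                          // missing or malformed headers
    }
    if (abs($now - (int) $ts) > MAX_SKEW_SECONDS) {
        return false;                          // stale request: treat as replay
    }
    // Timestamp is bound into the MAC so it cannot be swapped independently.
    $expected = hash_hmac('sha256', $ts . "\n" . $body, CLIENT_SECRET);
    // hash_equals() compares in constant time; never use == on MACs.
    return hash_equals($expected, $sig);
}

// --- create_user.php entry point (serve it over HTTPS only, point 2) ---
$body    = file_get_contents('php://input');   // raw form-encoded POST body
$headers = [
    'X-App-Timestamp' => $_SERVER['HTTP_X_APP_TIMESTAMP'] ?? '',
    'X-App-Signature' => $_SERVER['HTTP_X_APP_SIGNATURE'] ?? '',
];

if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST'
    || !verify_client_signature($body, $headers, time())) {
    error_log('create_user: rejected unsigned or stale request from '
        . ($_SERVER['REMOTE_ADDR'] ?? 'unknown'));   // useful detection signal
    http_response_code(403);
    exit('forbidden');
}

parse_str($body, $fields);   // the app's POST fields, e.g. username/password
// ... create the account from $fields using prepared statements ...
```

Rate-limit the endpoint and alert on bursts of 403s as well; a signature check alone does not stop an attacker who has recovered the secret from the APK.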
Licensed under: CC-BY-SA with attribution