I'm developing an iOS app that requires data to be sent to a server to process a transaction. The data is stored on Stripe (a credit card service), so I do not need to worry about encrypting / storing data. The only thing that poses a threat is that I have a script that downloads the user's information (e.g. credit card and name) for a "quick pay", and the only authorization is in the customer object that the server-side script returns. I use a key on the iOS app that the server matches with in order to verify that it's the app that's making the connection, but the key is stored in a constant variable on the actual app, which is a security risk. Is there any better way of verifying that the request is from my app?
The data is sent through an $.AJAX "Post" (jQuery AJAX) to the server. Will an SSL/HTTPS connection be enough to secure the data?