specialfx

macrumors newbie
Original poster
Apr 22, 2009
20
0
London
I am developing a ColdFusion web service for the iPhone to connect to. How do I make sure only the iPhone can connect to it, and how do I make sure the application code cannot be seen to view the web service login credentials?
 

jnic

macrumors 6502a
Oct 24, 2008
567
0
Cambridge
I am developing a ColdFusion web service for the iPhone to connect to. How do I make sure only the iPhone can connect to it, and how do I make sure the application code cannot be seen to view the web service login credentials?

This is essentially the standard DRM problem, and the short answer is "you can't". You can, however, make it prohibitively difficult for the majority of users.

The obvious first step is to use SSL end-to-end to prevent credentials being trivially intercepted. It's still going to be possible to extract credentials from the app itself by watching its memory usage from a debugger, and the best you can do here is to try to obfuscate keys in memory.

Some of these papers might help: http://scholar.google.com/scholar?q=white-box+cryptography
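
The in-memory key obfuscation mentioned in the reply above, sketched as an added example that is not part of the original thread. The secret "demo-key-1234" and all function names are constructed for illustration; the key is kept as two XOR shares, rebuilt on the stack only while it is used, then wiped. This raises the effort of recovery but does not prevent it, since the cleartext key still exists in memory during use.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define KEY_LEN 13

/* Constructed demo secret "demo-key-1234", stored only as two XOR shares.
   Each mask byte has its high bit set, so neither array holds ASCII text. */
static const unsigned char MASK[KEY_LEN] = {
    0xA7, 0x9C, 0xE3, 0xB1, 0xD4, 0x8E, 0xF2,
    0xC5, 0x96, 0xAB, 0xDD, 0x87, 0xB9 };
static const unsigned char MASKED[KEY_LEN] = {
    'd' ^ 0xA7, 'e' ^ 0x9C, 'm' ^ 0xE3, 'o' ^ 0xB1, '-' ^ 0xD4, 'k' ^ 0x8E,
    'e' ^ 0xF2, 'y' ^ 0xC5, '-' ^ 0x96, '1' ^ 0xAB, '2' ^ 0xDD, '3' ^ 0x87,
    '4' ^ 0xB9 };

/* Zero a buffer through a volatile pointer so the store is not optimised out. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Rebuild the key on the stack, use it, wipe it. The comparison stands in
   for the real use (e.g. authenticating a request); returns 1 on match. */
int key_matches(const char *candidate) {
    unsigned char key[KEY_LEN], diff = 0;
    if (strlen(candidate) != KEY_LEN) return 0;
    for (size_t i = 0; i < KEY_LEN; i++) {
        key[i] = MASKED[i] ^ MASK[i];
        diff = (unsigned char)(diff | (key[i] ^ (unsigned char)candidate[i]));
    }
    secure_wipe(key, sizeof key);
    return diff == 0;
}

/* Self-audit: does either stored share contain `plain` as contiguous bytes? */
int shares_leak_plaintext(const char *plain) {
    size_t n = strlen(plain);
    if (n == 0 || n > KEY_LEN) return 0;
    for (size_t i = 0; i + n <= KEY_LEN; i++)
        if (!memcmp(MASK + i, plain, n) || !memcmp(MASKED + i, plain, n))
            return 1;
    return 0;
}

int main(void) {
    printf("match=%d leak=%d\n", key_matches("demo-key-1234"),
           shares_leak_plaintext("demo-key"));
    return 0;
}
```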
 