web sevice for I phone

Discussion in 'iOS Programming' started by specialfx, May 15, 2009.

  1. specialfx macrumors newbie

    Joined:
    Apr 22, 2009
    Location:
    London
    #1
    I am developing a coldfusion web service for the iphone to connect to. How do I make sure only the iphone can connect to it and how to I make sure the application code cannot be seen to view the web service login credentials?
     
  2. jnic macrumors 6502a

    Joined:
    Oct 24, 2008
    Location:
    Cambridge
    #2
    This is essentially the standard DRM problem, and the short answer is "you can't". You can however make it prohibitively difficult for the majority of users.

    The obvious first step is to use SSL end-to-end to prevent credentials being trivially intercepted. It's still going to be possible to extract credentials from the app itself by watching its memory usage from a debugger, and the best you can do here is to try to obfuscate keys in memory.

    Some of these papers might help: http://scholar.google.com/scholar?q=white-box+cryptography
     

Share This Page