web sevice for I phone

Discussion in 'iOS Programming' started by specialfx, May 15, 2009.

  1. specialfx macrumors newbie

    Apr 22, 2009
    I am developing a coldfusion web service for the iphone to connect to. How do I make sure only the iphone can connect to it and how to I make sure the application code cannot be seen to view the web service login credentials?
  2. jnic macrumors 6502a

    Oct 24, 2008
    This is essentially the standard DRM problem, and the short answer is "you can't". You can however make it prohibitively difficult for the majority of users.

    The obvious first step is to use SSL end-to-end to prevent credentials being trivially intercepted. It's still going to be possible to extract credentials from the app itself by watching its memory usage from a debugger, and the best you can do here is to try to obfuscate keys in memory.

    Some of these papers might help: http://scholar.google.com/scholar?q=white-box+cryptography

Share This Page