Secure connection between iPhone application and web server?
Hi,
I am about to start to developing an iPhone application that should login and communicate information securely between my app and a web server.
I haven't done any development in this area before, so I have done some research and would be very thankful for any input on how to handle this in the best/easiest way.
Currently, the people developing the web server does not know/have a system of handling requests from the application I will develop, so they will most likely need to create something new.
Authentication:
From what I understand, using HTTP authentication is not safe at all, and the best approach would be to use HTTPS? What would be the difference in the iphone application if using HTTPS or HTTP? I suppose the server and the client would need a certificate somehow?
Regardless of what I choose, is this how it works?:
1. Create a NSURLConnection with the server, listen to the didReceiveAuthenticationChallenge callback and respond with the user/password
2. use the connection created to send any other information?
Communication with the webserver:
The application requires to send about 20 different request to the server and needs to act on the responses. Would SOAP or any other web service be a good way to handle this? I believe that SOAP is pretty much XML over HTTP, so in a application this should be as easy as creating a NSMutableURLRequest and then parse the response with an XMLParser?
I am about to start to developing an iPhone application that should login and communicate information securely between my app and a web server.
I haven't done any development in this area before, so I have done some research and would be very thankful for any input on how to handle this in the best/easiest way.
Currently, the people developing the web server does not know/have a system of handling requests from the application I will develop, so they will most likely need to create something new.
Authentication:
From what I understand, using HTTP authentication is not safe at all, and the best approach would be to use HTTPS? What would be the difference in the iphone application if using HTTPS or HTTP? I suppose the server and the client would need a certificate somehow?
Regardless of what I choose, is this how it works?:
1. Create a NSURLConnection with the server, listen to the didReceiveAuthenticationChallenge callback and respond with the user/password
2. use the connection created to send any other information?
Communication with the webserver:
The application requires to send about 20 different request to the server and needs to act on the responses. Would SOAP or any other web service be a good way to handle this? I believe that SOAP is pretty much XML over HTTP, so in a application this should be as easy as creating a NSMutableURLRequest and then parse the response with an XMLParser?
Or is there another much better solution?
Thanks
hi ...thnx for sharing info... i have been going through the same security challenge; till now i have used simple Http but now will switch to Https cause of the idea that you have illustrated that first wait for didReceiveAuthenticationChallenge call back and then send the username/password and then use the safe conn. seems crystal clear. as it seems secure but have you found some more better solution then it ?
Secure connection between iPhone application and web server?
as it seems secure but have you found some more better solution then it ?
Linear Mode
