java - How to ensure that a android app is accessing the Real server -



java - How to ensure that a android app is accessing the Real server -

i've implemented https connection servlet running rest api. device able connect server using https. device accepting server's certificate , establishing https.

how create sure device accepts particular certificate? intention should not able setup false server identifying right server using self-signed certificate.

in browser environment, user see chrome's crossed out https in url , know certificate not verified. how ensure app.

the procedure called certificate validation , pretty standard. classes , components perform validation you, others leave manual implementation , control.

validation ensures (in ideal world) connecting legitimate server, i.e. server host name , name in presented certificate match. requires server has acquired valid ca-signed (we omit self-signed variants lack of security , flexibility) certificate needed host name. far good.

now can either rely on pre-implemented certificate validation or implement own or add together own checks pre-implemented validation procedure. implementing own validation cumbersome task, let's assume client code utilize performs validation (you have not specified code utilize connection can't comment on it). can rely on it, however in countries state agencies perlustrate traffic, , doing acquire (or generate on-the-fly in cases) certificates false nature valid if follow validation procedure blindly.

so if command both server , client , can implement additional validation (your client component or class lets this) additional check can compare issuer of certificate (or whole certificate chain) issuer know valid. less flexible , extent against pki rules, approach reduces chance false certificate generated , accepted valid. thought know certificate utilize , ca used (and maybe utilize in future), can store info in client , compare during validation.

you can read more certificate validation searching here on "certificate validation" - quite popular topic.

java android servlets ssl

Comments

Post a Comment

Popular posts from this blog

Delphi change the assembly code of a running process -

Delphi change the assembly code of a running process - i'm trying alter address 00741fa5 has push test.009e721c . alter push test.009e71c8 . procedure callback; asm force $9e71c8 end; procedure tform2.btn1click(sender: tobject); var ppid :dword; pprocess : cardinal; begin getwindowthreadprocessid(findwindow(nil,pchar('test')), @ppid); pprocess := openprocess(process_all_access, false, ppid); injectasm(pprocess, $741fa5, 10, integer(@callback), 0); end; here injectasm function (with error checking) function injectasm(process: longword; injectaddress, injectsize, codeaddress, codesize : integer): pointer; var csize, rsize : integer; replaced : array of byte; jmp : array [0..4] of byte; jmpaddress : integer; nopv : byte; : integer; nbr: ulong_ptr; begin //injectsize must equal or greater 5, because need space our //(far) jmp wwxxyyzz instruction //if there's no space, inject in place of few instructions if injectsize ...
Read more

json - Hibernate and Jackson (java.lang.IllegalStateException: Cannot call sendError() after the response has been committed) -

json - Hibernate and Jackson (java.lang.IllegalStateException: Cannot call sendError() after the response has been committed) - hello have problem hibernate , jackson. have 2 pojos @entity @table(name = "users") public class user implements serializable { static final long serialversionuid = 4235637833262722256l; @id @generatedvalue private int id; @column(name = "creation_date") private date creationdate; @column(name = "first_name") private string firstname; @column(name = "last_name") private string lastname; @version @column(name = "version") private int version; @column(name = "e_mail") private string email; @column(name = "enabled") private boolean enabled; @column(name = "login") private string login; @column(name = "password") private string password; @jsonmanagedreference("role") @onetomany(mappedby = "user", cascade = cascadetype.all,fetch = fetchtyp...
Read more

C++ 11 "class" keyword -

C++ 11 "class" keyword - i've started using c++ 11 little bit more , have few questions on special uses of class keyword. know it's used declare class, there's 2 instances have seen don't understand: method<class t>(); and class class_name *var; why precede typename keyword class in first example, , keyword pointer in sec example? that known elaborated type specifier , necessary when class name "shadowed" or "hidden" , need explicit. class t { }; // love of god don't t t; t t2; if compiler smart, give these warnings: main.cpp:15:5: error: must utilize 'class' tag refer type 't' in scope t t2; ^ class main.cpp:14:7: note: class 't' hidden non-type declaration of 't' here t t; ^ if class not defined, deed forwards declaration. for example: template <typename t> void method() { using type = typename t::value_type; } method...
Read more