Verifying a user when backing up data to a server
<p>Note: Although I raise this issue in the context of an iOS app, I don't think it's confined to an app running on that specific OS.</p>
<p>I'm developing an iOS application that will back up user data to a server and I'm trying to figure out the best way to verify server-side that the user being updated is actually the real user. Each user will have an id (<code>uid</code>). If that's all I depended on server-side, then I imagine the process would go like this:</p>
<ul>
<li>User runs app for the first time</li>
<li>Creates account in the app, which communicates with the server to both create the account on the server and to get a unique "user id" (uid)</li>
<li>App stores this uid so that it can identify the user in subsequent communications with the server</li>
</ul>
<p>However, if someone were to hack the app on their iPhone, they could change the user id value and then that would instantly give them access to/allow them to modify a different user's data.</p>
<p>The current solution I'm considering is that the user receives 2 unique ids, the uid (just an auto-incremented number) and a longer, more complex key string. All communication with the server will therefore have to send along both the uid and the key. The server will verify that they match in order to make sure that the user truly is who the app says it is.</p>
<p>So, my question is two-fold:</p>
<ol>
<li>Is this the correct way to achieve this? Or is there some other standard method that I should pursue?</li>
<li>If this is the correct approach, what's the recommended way to generate the unique key?</li>
</ol>
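The uid-plus-key check described in the question, sketched server-side as an added example that is not part of the original post: the key comes from a CSPRNG, only its hash is stored, and the comparison is constant-time. The names `ACCOUNTS`, `key_digest`, `create_account` and `verify`, and the in-memory store, are assumptions made for illustration.

```python
import hashlib
import hmac
import itertools
import secrets

# Hypothetical in-memory store: uid -> SHA-256 digest of the issued key.
# A real server would keep this mapping in its database.
ACCOUNTS = {}
NEXT_UID = itertools.count(1)  # auto-incremented uid, as in the post


def key_digest(key: str) -> bytes:
    # The key is 256 bits of CSPRNG output, so a plain fast hash suffices.
    # Storing only the digest means a leaked table holds no usable keys.
    return hashlib.sha256(key.encode("utf-8")).digest()


def create_account():
    """Create an account and return (uid, key); the key is sent to the app once."""
    uid = next(NEXT_UID)
    key = secrets.token_urlsafe(32)  # 32 random bytes, URL-safe text
    ACCOUNTS[uid] = key_digest(key)
    return uid, key


def verify(uid, key) -> bool:
    """Return True only if `key` is the key that was issued for `uid`."""
    if not isinstance(key, str):
        return False
    presented = key_digest(key)
    stored = ACCOUNTS.get(uid)
    # Unknown uids are still compared (against a dummy value) so that the
    # response time does not reveal which uids exist.
    matches = hmac.compare_digest(stored or bytes(32), presented)
    return stored is not None and matches


if __name__ == "__main__":
    uid_a, key_a = create_account()
    uid_b, key_b = create_account()
    print(verify(uid_a, key_a))  # genuine request for user A
    print(verify(uid_b, key_a))  # uid edited on the device, key unchanged
```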
 
