- #1
ergospherical
- 976
- 1,278
I'm hosting a database containing usernames and password hashes, and have written a little PHP API which accepts HTTP post requests (sent from an iOS application via Alamofire for Swift) containing two parameters, username & password, checks against the database & returns some JSON data containing a truth value signifying whether to validate the login, plus some accompanying information.
This method worked, but I cannot use it because HTTP post requests are not encrypted and the approach is pretty much totally unsecure. I am trying to figure out how best to reprogram the login - or use an existing library? In either case I would be interested to hear if you have experience with this sort of thing. Thanks!
This method worked, but I cannot use it because HTTP post requests are not encrypted and the approach is pretty much totally unsecure. I am trying to figure out how best to reprogram the login - or use an existing library? In either case I would be interested to hear if you have experience with this sort of thing. Thanks!