Mobile API registration security

I have web and mobile versions of a registration API. I have a CAPTCHA in the web version to tell a human from a bot. I'm afraid that someone can get the mobile API registration parameters, make a script and begin to brute-force users' emails etc. And I don't want to put a CAPTCHA in the mobile app.

What can I do to verify a real device?

asked Feb 12 '14 at 08:02

1 Answer

My suggestion is that you need to encrypt the payload using any encryption algorithm like AES or RSA, so that an attacker cannot get the parameters easily, or at all.

Also, you can apply the following in client-server communication for better security:

1. A cryptographic algorithm with a password-based key.

2. Use of SSL.

answered Mar 03 '14 at 09:03
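
The answer's first list item, a cipher keyed from a password, sketched in Node.js as an added example (not code from the original answer): PBKDF2 derives the key and AES-256-GCM encrypts and authenticates the registration parameters. The function names, envelope layout and iteration count are assumptions. A password shipped inside the app can be recovered from the binary, so this hides and integrity-protects the payload but does not by itself prove that a request came from a real device.

```javascript
// Added example: password-based key (PBKDF2) + AES-256-GCM for a registration payload.
// Envelope layout (assumed for this example): salt(16) | iv(12) | tag(16) | ciphertext, base64.
const crypto = require('node:crypto');

const PBKDF2_ITERATIONS = 100000; // assumed work factor
const KEY_LEN = 32;               // 256-bit key for AES-256

// Derive the AES key from the shared password and a per-message salt.
function deriveKey(password, salt) {
  return crypto.pbkdf2Sync(password, salt, PBKDF2_ITERATIONS, KEY_LEN, 'sha256');
}

// Client side: encrypt the registration parameters into one base64 envelope.
function sealRegistration(password, params) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12); // fresh nonce per message
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(params), 'utf8'), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Server side: returns the parsed parameters, or null if the envelope is
// malformed, was modified in transit, or was sealed with a different password.
function openRegistration(password, envelope) {
  const raw = Buffer.from(envelope, 'base64');
  if (raw.length < 16 + 12 + 16) return null;
  const salt = raw.subarray(0, 16);
  const iv = raw.subarray(16, 28);
  const tag = raw.subarray(28, 44);
  const ct = raw.subarray(44);
  try {
    const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(password, salt), iv);
    decipher.setAuthTag(tag);
    const pt = Buffer.concat([decipher.update(ct), decipher.final()]); // throws on bad tag
    return JSON.parse(pt.toString('utf8'));
  } catch (err) {
    return null;
  }
}
```
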
