[Flask] Flask secret key for mobile app client

Markus Unterwaditzer markus at unterwaditzer.net
Mon May 30 09:58:09 EDT 2016


Then unsubscribe from this mailing list.

On 30 May 2016 13:41:35 CEST, saikat_sarkar <saikat_sarkar at hotmail.com> wrote:
>Stop this spam
>
>
>Saikat
>Sent from Samsung Mobile
>
>-------- Original message --------
>From: aiman parvaiz <aimanparvaiz at gmail.com>
>Date:30/05/2016  1:16 PM  (GMT+05:30)
>To: Unai Rodriguez <unai at sysbible.org>
>Cc: flask at python.org
>Subject: Re: [Flask] Flask secret key for mobile app client
>
>The case under consideration is that right now anyone can jump on a tool
>as simple as Postman (on Chrome browser), construct the API call and get
>data from the backend. I need a way to allow only mobile devices with the
>installed app to see the returned data and how can I ensure that an API call
>from any client other than mobile devices doesn't get a response from my
>server.
>
>I would appreciate any help I can get here.
>
>Thanks
>
>On Mon, May 30, 2016 at 12:07 AM, Aiman Parvaiz <aimanparvaiz at gmail.com> wrote:
>
>> Thanks for the response Unai. This app would be open to the general public
>> indeed. Can you please throw more light on SSL+ authentication?
>> I would be using SSL for this but what do you mean by authentication from
>> mobile phone?
>>
>>
>> Sent from my iPhone
>>
>> On May 29, 2016, at 9:09 PM, Unai Rodriguez <unai at sysbible.org> wrote:
>>
>> If the people using the app can be anyone (i.e. it's open to general
>> public) you cannot. Typically SSL (i.e. HTTPS) plus authentication is used
>> for this.
>>
>> If the people that are supposed to access have something in common (i.e.
>> they come from a specific office, etc) then you might be able to add rules
>> on a firewall. But that can be a problem (rules not correct or people
>> accessing through a VPN etc). I guess the only way is if the app is served
>> only to the people that are supposed to access it through some sort of a
>> corporate/private network.
>>
>>
>>
>> -- unai
>>
>>
>> On Mon, May 30, 2016, at 09:56 AM, aiman parvaiz wrote:
>>
>> Hi all
>> I am new to flask and am writing a REST API backend for a mobile app. My
>> question is how can I ensure that call to my endpoints is only being done
>> by my mobile app and not by someone who has guessed the endpoint.
>> What would be the best way to avoid this kind of behavior?
>> Thanks
>> *_______________________________________________*
>> Flask mailing list
>> Flask at python.org
>> https://mail.python.org/mailman/listinfo/flask

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
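
The reply quoted above points to HTTPS plus authentication as the usual answer. As an added example that is not part of the thread, this is a server-side check of per-user signed tokens using only the Python standard library; `SERVER_KEY`, `issue_token`, `verify_token` and the token layout are assumptions made for illustration, and in a Flask backend the check would run before each protected view.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Assumption: this key lives only on the server and is never shipped in the app.
SERVER_KEY = b"constructed-demo-key"
TOKEN_TTL = 3600  # seconds a token stays valid


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(payload: bytes) -> bytes:
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()


def issue_token(user_id: str, now: Optional[float] = None) -> str:
    """Issued after the user has logged in over HTTPS (login step not shown)."""
    now = time.time() if now is None else now
    payload = json.dumps({"sub": user_id, "exp": int(now) + TOKEN_TTL}).encode()
    return _b64(payload) + "." + _b64(_sign(payload))


def verify_token(auth_header: Optional[str], now: Optional[float] = None) -> Optional[str]:
    """Return the user id for a valid 'Bearer <token>' header, else None."""
    now = time.time() if now is None else now
    if not auth_header or not auth_header.startswith("Bearer "):
        return None  # hand-built request carrying no credentials
    try:
        body, sig = auth_header[len("Bearer "):].split(".")
        payload = _unb64(body)
        if not hmac.compare_digest(_unb64(sig), _sign(payload)):
            return None  # forged or modified token
        claims = json.loads(payload)
    except (ValueError, TypeError):
        return None  # malformed token
    if claims.get("exp", 0) < now:
        return None  # expired token
    return claims.get("sub")
```

The server rejects any request whose `Authorization` header does not carry a token it signed for a logged-in user, whichever client sent it.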