0

Possible Duplicate:
Objective-C, how to obfuscate or encrypt NSString?

My app talks to a server using SSL but I want to hide, obscure, or encrypt the URL inside the app, so a hacker with a debugger/hex editor won't see it (easily).

I want something that is not time consuming.

What do you guys recommend?

Duck
  • Hey, I edited your question a bit to give it tags that I thought would help categorize it better and hopefully made the title a bit more clear what your use case was... if I misrepresented something let me know. – Carl Veazey Jan 26 '13 at 21:10
  • I re-edited your question, so as to make the question clear. @CarlVeazey missed two important words from your question: encrypt (which means cryptography) and obscure. Please re-edit your question if I made any wrong edit. – P.J Jan 26 '13 at 21:15
  • This sounds much like security through obscurity. – Gumbo Jan 26 '13 at 21:49
  • @OP Just to clarify, why does one need extra security measures in a point to point secured communication scenario (using SSL) in the first place? SSL provides security in point to point communication scenarios. – Jack G. Jan 26 '13 at 22:43
  • The app already gets "encrypted", though this is trivially broken on a jailbroken device. However, there is *very* little point in doing much more, since it's trivial to install a "fake" CA cert and read the URL that way. There are also better ways of protecting your webapp than a not-so-secret URL. – tc. Jan 27 '13 at 06:12

1 Answer

-1

Use a RESTful API design. All you have to store is the base URL, everything else is provided by the server.

Jim
  • Could you explain a little more what you mean? Would the server provide the application with the URL parameters required? If so, how would this prevent someone from getting the URL from the application and then using the server's configuration to reconstruct the API? – Carl Veazey Jan 26 '13 at 21:15
  • http://www.anujgakhar.com/2011/11/16/designing-a-restful-api/ – jakenberg Jan 26 '13 at 21:23
  • @jsksma2 my confusion stems from having used RESTful APIs in the past and there didn't seem to be some standard way of configuring their endpoints at run time (seemed to always be a different approach per API). Even assuming those APIs weren't designed fully to some standard, I am really having a hard time understanding how it provides a solution. – Carl Veazey Jan 26 '13 at 21:41
  • That's funny actually, I'm having issues figuring out the exact same thing. I posted that link because I was reading it just before I saw this. – jakenberg Jan 26 '13 at 21:44
  • @jsksma2, the author of that article doesn't understand REST and what he is teaching is not RESTful API design. Don't learn REST from anything that tells you to hard-code URLs. – Jim Jan 27 '13 at 13:46
  • @CarlVeazey, there's nothing stopping them from reconstructing the API. It wasn't clear that's what you wanted - you were just talking about not having the URLs accessible from the app. – Jim Jan 27 '13 at 13:50
  • I ended up finding a source for implementing endpoints for AWS in their documentation. http://aws.amazon.com/documentation/sdkforios/ It worked great for me using the RDS service that they offer! – jakenberg Jan 27 '13 at 19:57
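
A sketch of the approach in the answer above, added here as an example and not code from the answer's author: the app compiles in only the base URL and looks up every other endpoint by link relation in a root document the server returns. The JSON `links` layout, the `ResolveLink` helper and `api.example.com` are assumptions, and the same-origin HTTPS check goes beyond what the answer states, so that a modified response cannot point the client at another host.

```objective-c
#import <Foundation/Foundation.h>

// Added example. ResolveLink, the "links" object and api.example.com are
// assumptions for illustration, not part of the original answer.

// Port used for comparison; an HTTPS URL without an explicit port means 443.
static NSInteger EffectivePort(NSURL *url) {
    return url.port ? url.port.integerValue : 443;
}

// Resolve the link relation `rel` from the server's root document against the
// single base URL compiled into the app. Returns nil unless the result is an
// HTTPS URL on the same host and port as the base URL.
static NSURL *ResolveLink(NSURL *baseURL, NSDictionary *rootDoc, NSString *rel) {
    id links = rootDoc[@"links"];
    if (![links isKindOfClass:[NSDictionary class]]) return nil;
    id href = links[rel];
    if (![href isKindOfClass:[NSString class]]) return nil;

    NSURL *url = [NSURL URLWithString:href relativeToURL:baseURL].absoluteURL;
    // isEqualToString: sent to nil yields NO, so a missing scheme or host is rejected.
    if (![url.scheme.lowercaseString isEqualToString:@"https"]) return nil;
    if (![url.host.lowercaseString isEqualToString:baseURL.host.lowercaseString]) return nil;
    if (EffectivePort(url) != EffectivePort(baseURL)) return nil;
    return url;
}

int main(void) {
    @autoreleasepool {
        NSURL *base = [NSURL URLWithString:@"https://api.example.com/"];
        // Constructed sample of what a GET on the base URL might return.
        NSString *json = @"{\"links\":{\"orders\":\"/v2/orders\","
                         @"\"profile\":\"users/me\","
                         @"\"offsite\":\"https://other.example/v2/orders\","
                         @"\"plain\":\"http://api.example.com/v2/orders\"}}";
        NSDictionary *root = [NSJSONSerialization
            JSONObjectWithData:[json dataUsingEncoding:NSUTF8StringEncoding]
                       options:0
                         error:NULL];
        // "orders" and "profile" resolve; the other three are rejected.
        for (NSString *rel in @[@"orders", @"profile", @"offsite", @"plain", @"missing"]) {
            NSLog(@"%@ -> %@", rel, ResolveLink(base, root, rel) ?: @"(rejected)");
        }
    }
    return 0;
}
```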