1 reply to this topic

[Falmarri]

This isn't necessarily an Android question, that's why it's here and not in Java or wherever. But what I have is a MySQL server hosting users that are IDed by the DeviceId of an android phone. And the android phone posts this ID as well as a few other parameters to my website that gets the POST data via php. I'm not very good with web programming or that type of security. But since these are phones requesting data, not the users, there's no password involved. The only thing identifying the user is the deviceId. What would be the best way to prevent people from messing with my SQL database?

The PHP is (relatively) protected from SQL injection stuff. But since the DeviceId is just a MEID or IMEI number, it wouldn't be hard to just dump a bunch of random devices into my database. I'm looking to prevent this. Tips? Suggestions?

Thanks

Edit: Sorry if this is supposed to go in web programming. But it's Java/PHP interaction that I'm interested in mostly.

Edited by Roger, 23 July 2011 - 02:47 PM.

[Colanth]

Old thread, but: I'd simply make a normal login/password login type of system and ignore the Android ID. My clients tell me what they want, but any client (and that includes makers of cellphones) who tells me *how* to implement it is either ignored (after being "yessed" to death) or moved to the "ex-client" list. (IOW, I won't support devices or browsers that force me to do things I don't want to do.)