I want to create a webservice to get access to a mssql-server from a smartphoneapp (Xamarin). But i don't want that everybody can use the webservice. So I have a table with accounts and when sb is calling the webservice i'm checking if the username and password (as hash) are in the table. But i think that a hacker can easily get the call of the service and with this the parameters like username and password too. So he can call the service with this logindata. So my question is how can i avoid this? (I have an ftp windows server with a https certificat - can i use the https connection so the hacker can not get the data?)
Aucun commentaire:
Enregistrer un commentaire