
Android Client, Http Server, How Do I Know Client Is Sending Data Using My App? Authentication

I have client/server data passing all working correctly. Text, images, etc. My users create blog-type posts on their Android device, and upload to my server. All is done using HTT

Solution 1:

I finally got it all working, server and client two-way SSL authentication.

I used the instructions here to set up my own cert authority (CA): http://www.garex.net/apache/

I followed the commands there to generate my own CA, server and client files.

The big "GOTCHA" was that in the "create client certificate" section, the garex.net link uses a 1024 size client key. As it turns out, this was throwing the exception java.io.IOException: Wrong version of key store.

To get around the above exception, I had to use only 512 sized keys. This is done by NOT including the "1024" parameter to the openssl genrsa genkey command.

Finally I want to add a link to a tool I ended up using instead of Portecle. I found the keytool GUI program here of great help and easier to use than the Portecle one - http://www.lazgosoftware.com/kse/index.html

This issue was a bit of a pain in the butt so I will keep an eye on this thread. Feel free to reply if you run into any roadblocks.

Solution 2:

You can use a captcha to solve this problem.

  1. Before submitting the post, request the server for a captcha.
  2. Server associates a random captcha image with a unique key, and sends the application both the captcha and the key.
  3. Show the captcha image to the user.
  4. Send the post, the letters entered by the user and the unique key in your HTTP request.
  5. Server verifies the captcha letters based on the unique key.
  6. If captcha verification succeeded you add the post, otherwise you don't.

This should solve all the scenarios.
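
The server side of steps 2, 5 and 6 above, as an added example that is not part of the original answer. The names `CaptchaStore` and `handle_post`, the six-letter length, the 120-second lifetime and the single-use rule are assumptions; rendering the letters into an image is left to whatever captcha library the server uses.

```python
import hmac
import secrets
import time

ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # no look-alike characters
TTL_SECONDS = 120  # assumed lifetime of a challenge


class CaptchaStore:
    """Server-side state for steps 2, 5 and 6 (hypothetical helper)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # unique key -> (expected letters, expiry time)

    def issue(self):
        """Step 2: pair random letters with an unguessable unique key."""
        key = secrets.token_urlsafe(16)
        letters = "".join(secrets.choice(ALPHABET) for _ in range(6))
        self._pending[key] = (letters, self._clock() + TTL_SECONDS)
        # Only the key and an image rendered from `letters` go to the client.
        return key, letters

    def verify(self, key, typed):
        """Step 5: check the letters; a key is consumed on first use."""
        entry = self._pending.pop(key, None)  # pop => no replay, no retries
        if entry is None:
            return False
        letters, expiry = entry
        if self._clock() > expiry:
            return False
        # Constant-time comparison of the normalised user input.
        return hmac.compare_digest(letters.encode(), typed.strip().upper().encode())


def handle_post(store, posts, key, typed, body):
    """Step 6: add the post only when verification succeeded."""
    if not store.verify(key, typed):
        return False
    posts.append(body)
    return True
```

Because `verify` removes the key before checking, a wrong guess also burns the challenge, so the client has to request a new captcha for each attempt.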
