Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

Adobe AIR Development

Reply
Developer
Posts: 232
Registered: ‎01-30-2011
My Device: Dev Alpha C, Z10 LE
My Carrier: P4
Accepted Solution

How much is safe to send post request for my application?

I want to send scores from my app to my website using POST request. But I don't know, is this method safe or not? - Can user show which variables are send from my app to my website and what is the address of this page?
All time online Smiley Very Happy
Developer
Posts: 6,473
Registered: ‎12-08-2010
My Device: PlayBook, Z10
My Carrier: none

Re: How much is safe to send post request for my application?

Depends what "safe" needs to mean to you. Are you just worried about the data being seen? Or are you concerned about people faking the request and submitting bogus information?

The "visibility" concern can be addressed largely by sending via SSL, which would mean supporting the https protocol in your web server.

Peter Hansen -- (BB10 and dev-related blog posts at http://peterhansen.ca.)
Author of White Noise and Battery Guru for BB10 and for PlayBook | Get more from your battery!
Developer
Posts: 232
Registered: ‎01-30-2011
My Device: Dev Alpha C, Z10 LE
My Carrier: P4

Re: How much is safe to send post request for my application?

Yes, I just worried about the data being seen.
Eg.: I want to send score as POST variable and I worried about this, that user can be send a super-score, because he can do it...
All time online Smiley Very Happy
Developer
Posts: 6,541
Registered: ‎10-27-2010
My Device: HTC One, PlayBook, LE Z10, DE Q10
My Carrier: Verizon

Re: How much is safe to send post request for my application?

POST it via HTTPS. You will probably need a certificate to be secure. You could encrypt the data being posted and decrypt on the server side, but that is not more "secure" than HTTPS.
Developer
Posts: 232
Registered: ‎01-30-2011
My Device: Dev Alpha C, Z10 LE
My Carrier: P4

Re: How much is safe to send post request for my application?

[ Edited ]
jtegen, I worried only that the user will be able to view the POST request destination address or name / value variables sent
All time online Smiley Very Happy
Developer
Posts: 6,541
Registered: ‎10-27-2010
My Device: HTC One, PlayBook, LE Z10, DE Q10
My Carrier: Verizon

Re: How much is safe to send post request for my application?

If you're doing it code, they cannot see the address. If its HTTPS, they cannot see the values of the post. HTTPS is your safest bet. You can add authentication tokens too, so even if they see the address, it is useless if the wrong signatures are given. Also, unless you're dealing with credit cards, social security numbers, or other sensitive information, be careful not to over due it because your support effort will be more.
Developer
Posts: 232
Registered: ‎01-30-2011
My Device: Dev Alpha C, Z10 LE
My Carrier: P4

Re: How much is safe to send post request for my application?

Thanks for help!
All time online Smiley Very Happy
Highlighted
Developer
Posts: 114
Registered: ‎08-09-2010
My Device: Tour
My Carrier: Bell

Re: How much is safe to send post request for my application?

You might also want to review this thread: PlayBook Online Leaderboards

 

It's a discussion of what "user generated content" means, which you should at least be aware of if you want your players to be able to see the results of what gets posted to your leader board.

 

Naturally the guidelines from RIM leave a lot open to interpretation...