
ColdFusion and Mobile Application Structure and Security

Overview

I'm looking to start developing iOS apps using HTML5, jQuery, and ColdFusion. My understanding of this is to have jQuery call the ColdFusion APIs for all of the back-end functions. Great! My question is mostly about the page structure and API security.

Application Structure

In my head I suggested that the actual structure of the app should be similar to this:

<html>
  <head>
    <script src="http://foo.bar/path/to/jquery.js"></script>
    <script src="http://foo.bar/path/to/api.js"></script>
    <script src="http://foo.bar/path/to/anyother.js"></script>
  </head>
  <body>
    ...
  </body>
</html>

The idea of this is for organizational purposes. I don't want to include any API calls inside the actual app. I would like it to be located on a remote machine. This will allow me to make edits without resubmitting the app to the app store.

Security

Will this structure be a security risk? Is there anything I can do to enhance the security of this? Perhaps only allow API calls coming from a mobile device? Or perhaps require some sort of key?

Also, when it comes to the actual API itself, how would the function's security work?

<cffunction name="newRemoteResponse" access="remote" output="false" returntype="struct">
    ....
</cffunction>

What parameters would you recommend to make this the most secure?

Cory Fail asked Feb 03 '26 15:02


1 Answer

When you make XHR calls to CF from your mobile app, sessions will be respected. That means you can use XHR to call a login method, set a session var on login, and then in other CFC methods, ensure that session value exists before you return any data.

Raymond Camden answered Feb 05 '26 06:02
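The session check this answer describes, sketched as a CFC. This is an added example, not code from the answer: `api.cfc`, `application.userService.authenticate()` and the `session.userId` key are assumed names, and `Application.cfc` is assumed to set `this.sessionManagement = true`.

```cfml
<!--- api.cfc (added example). application.userService.authenticate() is a
      hypothetical name for your own credential check; it is assumed to return
      the user's numeric id, or 0 on failure. --->
<cfcomponent output="false">

    <!--- Called once over XHR (POST, HTTPS). The login state lives in the
          server-side session; the app only holds the session cookie. --->
    <cffunction name="login" access="remote" output="false" returntype="struct" returnformat="json">
        <cfargument name="username" type="string" required="true">
        <cfargument name="password" type="string" required="true">
        <cfset var userId = application.userService.authenticate(arguments.username, arguments.password)>
        <cfif userId GT 0>
            <!--- Issue a new session id on login (CF10+) so a pre-login id is not carried over. --->
            <cfset sessionRotate()>
            <cfset session.userId = userId>
            <cfreturn { "loggedIn" = true }>
        </cfif>
        <cfreturn { "loggedIn" = false }>
    </cffunction>

    <!--- Shared gate: true only when login() has set the session value. --->
    <cffunction name="isLoggedIn" access="private" output="false" returntype="boolean">
        <cfreturn structKeyExists(session, "userId") AND isNumeric(session.userId) AND session.userId GT 0>
    </cffunction>

    <!--- The remote method from the question: no session value, no data. --->
    <cffunction name="newRemoteResponse" access="remote" output="false" returntype="struct" returnformat="json">
        <cfif NOT isLoggedIn()>
            <cfheader statuscode="401">
            <cfreturn { "error" = "login required" }>
        </cfif>
        <!--- Scope the result to the session's user, never to an id sent by the client. --->
        <cfreturn { "userId" = session.userId, "message" = "authenticated response" }>
    </cffunction>

    <!--- Drop the login marker so later calls fail the gate again. --->
    <cffunction name="logout" access="remote" output="false" returntype="struct" returnformat="json">
        <cfset structDelete(session, "userId")>
        <cfreturn { "loggedIn" = false }>
    </cffunction>

</cfcomponent>
```

Every additional `access="remote"` method needs the same `isLoggedIn()` check at its top, since each one is directly callable by URL.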


