Answer the question
In order to leave comments, you need to log in
How to safely transfer access token to VKontakte without using https?
Hello! Tell me what is the best way to transfer the Vkontakte access token to the web server from a mobile application on android? It will be authorized. Without HTTPS, I'm afraid you can be compromised, and VKontakte tokens live for a very long time ..
There is an idea to use reversible encryption. For example, upon request, generate a key that is given to the user. Remember this key in the application and in the MySQL database in the key field of the user table. When requesting authorization, encrypt-decrypt it with this key, but again, the key in the clear will fly over HTTP.
Answer the question
In order to leave comments, you need to log in
It is best, of course, to raise HTTPS. But if this is a problem, then you can use an asymmetric key.
The server generates an RSA key pair, sends the public key to the client, and stores the private key. The client encrypts the information with the public key, transmits it to the server, which decrypts it with the private key.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question