How to safely transfer access token to VKontakte without using https?

R

redtram19912016-01-10 10:24:34

PHP

redtram1991, 2016-01-10 10:24:34

Hello! Tell me what is the best way to transfer the Vkontakte access token to the web server from a mobile application on android? It will be authorized. Without HTTPS, I'm afraid you can be compromised, and VKontakte tokens live for a very long time ..
There is an idea to use reversible encryption. For example, upon request, generate a key that is given to the user. Remember this key in the application and in the MySQL database in the key field of the user table. When requesting authorization, encrypt-decrypt it with this key, but again, the key in the clear will fly over HTTP.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

R

Rsa97, 2016-01-10
@redtram1991

It is best, of course, to raise HTTPS. But if this is a problem, then you can use an asymmetric key.
The server generates an RSA key pair, sends the public key to the client, and stores the private key. The client encrypts the information with the public key, transmits it to the server, which decrypts it with the private key.