For my Android applications, I typically query databases by delivering GET or Publish parameters to numerous PHP script Web addresses, which goes xml or json which i parse during my application.

But when I've got a database with personal protected information inside it that customers would normally make use of a login/password to gain access to, what's the ultimate way to querying these details in the application? My above method works, but I'd most likely have to send anyone's login/pass as GET or Publish parameters... but that appears like an awful idea...

Typically having a web application, a person logs in after which PHP periods are utilized in the future. Unsure how to overcome this kind of factor by having an Android application though.

I don't think authentication is separate for android programs the connect with web services.

You'd replicate exactly the same authentication mechanism that you employ inside your web service around the android. In other words, if you are using http authentication inside your web service (which sends obvious text passwords), you'd replicate http authentication around the android. Should you don't want to pass through obvious text qualifications with the wire, you'd first need to implement some thing secure (https) inside your web service first.

For my project, I pass the obvious text qualifications utilizing a Publish request towards the server. Browsers also transmit obvious text passwords. After authentication, the service transmits back an expression (a database user id inside a trivial situation) which should be incorporated in most future demands that needs a person to become drenched in.

When storing the login id &lifier password into preferences, I personally use sha1 to hash it first. That entails that the next time around, my web services are passed the hashed qualifications and should know how to approach it.

This mechanism is straightforward and suffices for my need. I am unable to really afford, with this project, something similar to https.

Utilizing a PHP script middleman is definitely safer than directly hooking up to some database since you can add your personal layer of security.

During my application that performs this, I scribe and decode the information being passed having a hardcoded salt, and employ produced authentication tokens for just about any transactions that need the consumer to become drenched in.

It truly is dependent on which you are attempting to do particularly, though.