Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

iOS

Kenan Bateman
Kenan Bateman
16,715 Points
Posted by Kenan Bateman
Kenan Bateman
16,715 Points

Data security in iOS / server interactions

Can anyone link to any resources or maybe post some best practices here on securely posting data to servers? I know Treehouse is still working on that course.

Specifically I'm looking for the best way to send info to our server in a secure way

  • login / password
  • payment info for purchases
  • user info

Any help would be appreciated

2 Answers

Andrew Shook
Andrew Shook
31,709 Points
Andrew Shook
Andrew Shook
31,709 Points

Any time you're passing "secure data", i.e. password, credit card numbers, etc., you should be using an https connection. This will at the very least prevent packet sniffing and man-in-the-middle attacks. For every thing outside of credit cards and social security numbers https should cover 90% of your needs. If you want some extra coverage, you can encrypt all your json data passed between your servers and your app similar to the way javascript web tokens work. This has the downside of adding some computation time, but it can be mitigated. As far as credit cards go, I would use a third party solution like paypal or stripe. PCI compliance is it's own speciality, so just let the experts handle it for you.

Kenan Bateman
Kenan Bateman
16,715 Points
Kenan Bateman
Kenan Bateman
16,715 Points

Andrew Shook Is there anything beyond just having an HTTPS certificate set up on our website? Or are there specific practices we need to implement when transmitting that data to an HTTPS URL beyond just appending it as a string in that URL?

We actually already use Stripe for our payments :) I'm just trying to get up to speed on how to integrate iOS properly as once the data gets to our web server, everything from there is set.

We are transmitting sensitive data like credit cards / SSNs to our server and then passing to Stripe from there. I just want to make sure I'm transmitting it to our server intelligently from the iOS app.

Is there an article you could link to that explains the best way to encrypt in Swift / decrypt that data on the server?