9.3 ENCRYPTING THE HTTP LINK

Ultimately, the best solution is to secure the entire pipe to make sure that nothing can be gleaned from our communications in the first place. If this is achievable, then any amount of hacking sophistication by being ‘man in the middle’ should be to little or no avail [14]. A protected link defeats all hacking attempts that we have thus far identified, except for some types of spoofing, which, as the sidebar [15] identifies, may be particularly troublesome for mobile users.

Figure 9.14 shows us what securing the pipe is about. Using encryption, we cipher all the information flowing between our device and server, with these two end points being the only true endpoints of the ciphering. If the encrypted HTTP link runs from the user's device all the way to the server that the sensitive data (e.g. a username and password) is coming from or being requested by, then this is called end-to-end encryption.

Ciphering results in the data becoming completely obfuscated to everyone who lacks the means to decipher it, and deciphering is a capability that we can use clever means to guard against, as we shall see in a moment. Only the intended recipient has the required deciphering ability. Because the information is obscured from everyone except the intended recipient, we don't really mind about a ‘man in the middle’ or even ‘men in the middle’. Any amount of sucking data from the pipe in order to attempt reading it is no longer a concern. In fact, we could say ...
