I saw some activity on my app where a user invoked the user registration script from outside my app and got themselves registered into the database.
Does appery provide any security measures where this script can only be invoked through the app?
Re: Server code security
The problem you're encountering isn't unique to Appery's backend; it's a common one that can affect any backend system.
Here are a couple of possible solutions that could help:
- Embed a security value into the application, then relay it when executing the registration server code.
- Send a push notification to the phone and transmit this code during the registration process.