I have following scenario: The Android clients communicate with a PHP server via HTTP Post. The PHP server is communicating with mySQL database and sends the output as JSON to the Android client. I have stated this already in question: securing connection to php server
The conclusion there is to use TLS/SSL to secure the connection. Unfortunatelly my server does not support tls.
Is there some other way to somehow make it little more difficult to get the API of my php server, so people cannot post via PC to my server.
I thought about gzip, but I it will be a low barrier...
So if someone sniffs the traffic with wireshark, he should not easily get how the communication to my php server is done.
you could create some sort of hash of all the data you are sending to the server, then send that hash along with the data to the server, the server could then calculate the same hash and check it against the sent hash. then no one could send their own data unless they figure out how the hash is calculated.