Hi,

Is there any possibility to implement Push on the iPhone client if we know the DeviceToken? Why can't we go for a client-side Push implementation? And if we have the cert as a .p12 in the client's Documents directory

Tharindu.

A: 

Well, that comment really makes it clear. Your original question wasn't. Yes, certificate expiration can be an issue. You could deal with it by ensuring you send out updates to your app before every expiration, or you could host your cert and have the apps check the expiration date of the cert they have, and if it's near the end, poll your server to download the new one. This raises more issues. By allowing your cert to be downloaded, someone could more easily get it and start pushing using your identity. But even if you bundle the cert in the app it's easy for someone to extract, so I'd recommend against it. Use a server, and have a client send a request to that server to notify another client. That way only your privately managed code/site is sending the actual push notifications, and you can always stop sending if someone starts spamming push requests. If it's all client side they could spam notifications until Apple pulled the plug. If Apple has to do that they would block you from sending push since it was your cert doing the spamming.

So why do you think you shouldn't use a server? If you are just trying to avoid having to set up a server and code it, you have no valid reason.

I would assume Apple would watch the network communications from an app to and from its push servers, and they should easily catch this. It wouldn't shock me at all if they won't approve it this way.

jamone
Is it not allowed by Apple? Maybe certificate expiry is one reason. Still, we could release an app update with a new certificate.
Tharindu Madushanka
iOS 4 supports client-side push without having to deal with certs. It's still under NDA so this is all I can tell you. Look up Apple's docs about it. It's not that hard.
jamone
Local notification (which I think is what you are referring to) is not like push notification... you can't push due to some change in your server, you still have to use Apple's push notification for that.
Daniel
Actually, I wanted to know whether one device can push to another device, knowing the other device's token and having certificates in the Documents directory, using APNs, without having a server-side script. What problems could occur if I do so? Certificate expiry is a problem, isn't it? Other than that, are there no other issues? Security is another problem. Any reason that could cause rejection?
Tharindu Madushanka
+1  A: 

It's possible to do it but most people don't for security reasons. Someone could get your binary, extract the cert, and push out their own notifications.

ACBurk
I don't think you can do this when the app is not running, since you would need to have a socket open listening for these notifications. Correct me if I am wrong.
Daniel
Correct, I took it to mean he wanted to push to a device from another device (directly)
ACBurk
Yep. I want to send a push from one device to another, knowing the other device's Device Token. It's possible, isn't it? Are there any agreement problems? Will the app be rejected by Apple? The push certificate expiring once a year is an issue, so then we have to release a new version of the app, and all users have to update.
Tharindu Madushanka
I believe it is technically possible. I've been using Urban Airship for my push messages. They add a layer of authentication, so they store your cert, but they have a login, secret, and master secret. The master secret is what can send push messages. They say you COULD put that in your app to do a push from the app but they STRONGLY ADVISE AGAINST IT. I think this warning should be even stronger if you are talking about putting your cert in your app. It seems like an extremely, extremely bad idea to me, security-wise. I'm not sure what Apple says about this; they might not even allow it.
ACBurk
Thanks. :) I wanted to get this idea clear. You are right.
Tharindu Madushanka
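The server-relay design both answers recommend, sketched as an added example that is not code from any poster in this thread: clients authenticate to the relay with a per-user session key, and only the relay holds the push certificate, so an abusive sender can be throttled or cut off. All names, keys and tokens are constructed, and `send_to_apns` is a hypothetical callback standing in for the server's real APNs sender.

```python
import hashlib
import hmac
import time
from collections import defaultdict, deque

# Constructed sample data; a real deployment keeps these in a database.
SESSION_KEYS = {"alice": b"k-alice-constructed", "bob": b"k-bob-constructed"}
DEVICE_TOKENS = {"bob": "constructed-device-token-bob"}
BLOCKED = set()                # senders the operator has cut off
MAX_PER_MINUTE = 3
_recent = defaultdict(deque)   # sender -> timestamps of accepted requests


def sign(key, sender, recipient, message):
    """What a client computes with its own session key (never the push cert)."""
    # Length-prefix each field so adjacent fields cannot be shifted into each other.
    parts = [p.encode() for p in (sender, recipient, message)]
    data = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def relay(sender, recipient, message, mac, send_to_apns, now=None):
    """Return (accepted, reason). Only send_to_apns (hypothetical) touches the cert."""
    now = time.time() if now is None else now
    key = SESSION_KEYS.get(sender)
    expected = sign(key, sender, recipient, message) if key else ""
    if not key or not hmac.compare_digest(expected.encode(), mac.encode()):
        return False, "bad credentials"
    if sender in BLOCKED:
        return False, "sender blocked"
    token = DEVICE_TOKENS.get(recipient)   # token lookup stays server-side
    if token is None:
        return False, "unknown recipient"
    window = _recent[sender]
    while window and now - window[0] >= 60:   # drop entries older than a minute
        window.popleft()
    if len(window) >= MAX_PER_MINUTE:
        return False, "rate limited"
    window.append(now)
    send_to_apns(token, message)
    return True, "sent"
```

The sketch leaves out replay protection; a timestamp or nonce inside the signed fields would close that gap.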