I need to add a password reset part to my application but in my application user's email and password store in the realtime database not in the authentication database. Like this:
Actually I do not care about security so I just built this for my education purpose. Can you give me any tutorial or example that I can follow to code the reset password part?
Should be relatively simple to do.
Video here on it
https://www.youtube.com/watch?v=0-DRdI_xpvQ
However, please do not store passwords as raw text data. It is insecure and not good practice. Sure its fine for demo applications but you should store them using some kind of encoding/encryption/hashing.
Well, the Firebase authenticator has a function to reset the password via email, if you want to try with that one.
If you want to stay just with realtime DB my suggestion is to update that value for that specific user Google Firebase Documentation for that
Related
I'm trying to build a secure remember me system that allow user enter in the app without insert credentials each time.
i found this:
Add a "Remember me" checkbox in whitch was used sharedPreference that seems to me are not te best solution because every rooted phone can easily modify that params.
what's the best practice to follow?
well the idea behind remember me is that you trade in their user name and password for some sort of auth token from your backend, and save that in shared prefs or SQLite. You SHOULD NOT be saving their username and password anywhere. You should be saving a token of some sort for them. if they dont have a token stored keep them at login, and if they do then take them to the main page and send that token to a backend to be validated, and log them out if it is not
You can save credentials in SQLite. Encode them and decode.
You can implement own decoder if you want and saving credentials in SharedPreference.
We are planning to develop an android application with web service integration using SOAP . There are some authentication details(user id ,password etc.), which are needed to access the web-service . Is it secure to put this details in application's local database? If you have any alternate options, please share with us.
I suggest not to save passwords locally, it's not safe to do that.
You can use userid to store in local database.
But i think you don't need to save password in your local database.
So, my suggestion is, if necessary store userid not password or another option is use "preference" for this type of storage.
I am working on an Android project where I will have to edit (only decrement) data from an online database. I want to stop anybody from changing the values by themselves. It should be possible only through the Programming.
In short my online database would contain the Balance of a particular account.
While using some of my services in my app, the balance will get deducted.
App should only be able to deduct the value. I dont want any hacker to study my code and be able to increment the balance by any mean.
Is there any possible mean to add security to database. The database should be very secure.
If you want security over network, Do it using existing and well implemented secure protocol, e.g. TLS/SSL. openssl is one good implementation: http://www.openssl.org/
If you even want data to be secure on the server, even the root cannot access it, check this: http://css.csail.mit.edu/cryptdb/
I'm building an app on Phonegap (iOS and Android). Users sign up and then they can write private notes.
When they launch the app, they have to sign in on the remote server, there's the sync between remote and local (encrypted with user's password) db and then they can view their notes from local db.
The problem is: I want to ask them for the password only once, not every note they want to read.
Is there a way to safely share db's password between webviews, so that I can initialize on every page the encrypted websql db?
Alternatively, is there a way to initialize only once the encrypted db and to access it from different webviews?
Thanks a lot
Late answer. But if it helps someone.
If it's really necessary then an encryption decryption can be performed inside the app. Before saving the password in database like websql you can perform an encryption with your custom way and decrypt password with js after retrieval. This way your password is safe in database. Though as grant mentioned, there is no need for it in mobile device.
I am thinking about the design of an android application which will need to create user accounts and have some information about the app users. While researching in the internet and the developer site, I got the impression that to maintain the database , you have to have a server.
What if I don't want to maintain the account information in my own server (i.e. I am not willing to maintain my own server for this), what options do I have and what will be their drawbacks (if any).
If there is no other choice but to use a server, then can I get suggestions as to how can I modify my design so that I don't have to use a server.
I am a novice at this field, so I would appreciate advice.
Thanks in advance!
Create external database file with credential table in this table create appropriate columns like username,password etc..here if you have registered users then store those users details in credential table.Finally copy that database in assests folder then using SqliteOpenHelper class copy that external database to phone memory.Here you need to maintain registration page with conditions.If the user completes the registrations procedure with your conditions then store his/her details in credential table.When user wants to login to the App please check the username and password in credential table.