We are planning to develop an android application with web service integration using SOAP . There are some authentication details(user id ,password etc.), which are needed to access the web-service . Is it secure to put this details in application's local database? If you have any alternate options, please share with us.
I suggest not to save passwords locally, it's not safe to do that.
You can use userid to store in local database.
But i think you don't need to save password in your local database.
So, my suggestion is, if necessary store userid not password or another option is use "preference" for this type of storage.
Related
I need to add a password reset part to my application but in my application user's email and password store in the realtime database not in the authentication database. Like this:
Actually I do not care about security so I just built this for my education purpose. Can you give me any tutorial or example that I can follow to code the reset password part?
Should be relatively simple to do.
Video here on it
https://www.youtube.com/watch?v=0-DRdI_xpvQ
However, please do not store passwords as raw text data. It is insecure and not good practice. Sure its fine for demo applications but you should store them using some kind of encoding/encryption/hashing.
Well, the Firebase authenticator has a function to reset the password via email, if you want to try with that one.
If you want to stay just with realtime DB my suggestion is to update that value for that specific user Google Firebase Documentation for that
I'm new in android, I am developing web application by android studio.
When user open application, there is activity login. User need input ipaddress of server, username and password before access application.
What I want to know, Is it possible to save ippaddress and other data to something like SEASSON/Cookies Web in Android Studio? So user only need 1 time to input data, store it and ALL activity inside application will get that data everytime it needed.
Thankyou my friends.
If you want to keep the User's Login data locally, encrypt the values and store it in Shared Preferences or in SQLite Database.
I think storing it locally is the best option because it wouldn't require your app to make network calls every time user opens the app.
Here are my suggestions:
1. If you have a web service, encrypt and persist the values securely to your web service via a post
2. Encrypt and store the values in shared preferences
3. Encrypt and store the values in a sqlite data base on the device.
I want to ask a question from my app users and get their answers but i don't know how to collect those data.
Please help me I need it.
You can use a form inside your application. And, ask users to fill that form. The forms needs to be connected to an database server. You may use 000webhost.com (free) to create your database. Just populate the table in database from the user response.
For this follow the following procedure:
1. Create a online database (000webhost.com)
2. Write php code to insert data into the database form and save that php on the file manager on server.
3. From android create a async task to execute that php.
4. Pass your parameter or user response as request attributes while executing the php.
5. php will save user's response on your server.
Now you can access that database from anywhere.
Note: This may require an internet connection in application.
Your question is much vague.
In general, app need to use HTTP POST with some standard data format as JSON/XML for communication between web server/client app.
This way client apps send/receive data in portable format across platforms &
implements UI/functionality as per platform standard e.g. Android or iOS
You could implement Google analytics in your app. Raise an event when you ask a question.
Im using MySQL with PDO PHP scripts to maintain a user database and a highscore database.
When a user obtains a new highscore in the Android app, I send it to the server:
https://domain.com/phpscript.php?user=username&newhighscore=highscore
In here username and highscore are variables. Every web browser can access this url. If anyone decompiles my app they will know where my database is located and they can fake their highscore. Obfuscation and encryption for the url is probably not an option since they can always be reversed.
Is there any way I can protect these URLS so ONLY my Android app can access these pages, and not just any browser?
If a call to https://domain.com/phpscript.php?user=username&newhighscore=highscore is all you need to update the highscore for a user, you are in deep sh*t.
You need some sort of authentication - which is what you might mean with "ONLY my Android app can access these pages", here are a few ideas:
On first start of you app call another script to facilitate exchange of some token. Store this token in your app and in your server-sided DB and use it as a verification token, e.g. https://domain.com/phpscript.php?user=username&newhighscore=highscore&salt=abc&auth=xyz with abc being a random salt and xyz something like hash(encrypt("user=username&newhighscore=highscore",key=token,iv=salt)+salt)
use the phone ID as part of the authentication scheme
I have an app which will connect to server and provide some basic connection credential information like server url, userer, application id etc What is the best option for storing this information within the android app? Should it be a preference? not sure where to store these items. I should clarify this question a bit. There are different levels of security requirements, so I am interested in hearing about how to encrypt the password etc, but there are also items which are generally not encrypted like connection urls etc, so I am also interested in how to store such information as well. I am basically looking for a better solution
You can programatically CRUD SharedPreferences to store this information. PreferenceManager.getDefaultSharedPreferences is one way to access them. Read this guide to get started: http://developer.android.com/guide/topics/data/data-storage.html#pref
Android will prevent other applications from accessing whatever you store in SharedPreferences or a SQLite database. In either way, you are still storing information in the clear. If an attacker gains root access, they can read that information.
Update - I couldn't find this earlier, but here is some sound advice from Reto Meier: What is the most appropriate way to store user settings in Android application
You want to use an HTTPClient and store these values in session cookies (handed out by the server).
These cookies are automatically managed by the HTTPClient whenever you make a request until the cookies expire.
DO NOT DO NOT DO NOT store this information in a local database or in Preferences. Anyone that plugs that phone into their computer can browse the database extremely easily if they are so inclined.
I think preferences is the best. Storing in SQLite database might not be secure.
Databases can be pulled out and accessed(also using SQLite Editor apps), but preferences cannot be accessed by any other applciation.