I'm beginner in eclipse and android apps. what can I do for security of database? prevent hack or steel my database of my app. And where is database of apps in mobiles with android OS?
You can't. It is pretty trivial to get it, no matter what you do. If you want to keep your data safer, you can drop the local database, and make a web service where you get your data from. Then you will have to make some restrictions, so people will not rip your data fast. This is known as anti-farming and you can see more at https://www.owasp.org/index.php/REST_Security_Cheat_Sheet#Anti-farming
But this will only slow people down, and as the article says, large resource adversaries will still be able to get whatever they want.
What to do: don't focus on it, build a awesome app, so no other will reach your user level/profit.
Take a look at https://www.zetetic.net/sqlcipher/sqlcipher-for-android/. It is possible to create a encrypted database with that library. You should only think about where to place the key of it. One possible solution is that user has to enter the password via login dialog for example.
The database and app specific data is located at /android /data/package of your app folder.
Related
I have an electron app which persists data in an SQLite db stored in my machine. I have all the setup for the CRUD operation and the application works fine. Now I need to encrypt the SQLite DB file. I searched online for solution but all the solution are for pre-encrypted DB which is being decrypted inside Electron.
The requirement is, user will provide the password using which the app will encrypt the DB file and going forward user will provide the password to decrypt and perform the CRUD operation
Any idea how to achieve this?
P.S.: I have checked with SQLCipher docs and I don't find what I needed. So far, I am using sqlite3 node module to perform CRUD
Edit 1: I tried to use sqlite-cipher module and I was able to encrypt the db in a separate js file. but when I integrate the same with the electron ipcMain, the app closes due to high RAM consumption.
Any suggestions???
If you're using SQLite the best option is use SQLCipher. The problem is that you will have to compile new binaries to work and there are some limitations with the versions of SQLite and SQLcipher for node.
You can use this package: https://github.com/journeyapps/node-sqlcipher
or compiling manually, here you have an example https://gist.github.com/aguynamedben/14253e34bc7e0a881d99c8e45eb45a47
Encryption in electron app is a tricky thing.
This is because it can give you false sense of security.
You might encrypt your local db, but with electron it's so easy to decrypt it back that perhaps it's not worth it at all?
It's very easy to get sources of your electron app. Minification helps only a little bit, but this is not real protection.
There are many approaches you can take but they vary on circumstances.
The questions which needs to be answered are:
who are you trying to protect against?
is security critical or this is only basic measures so not everyone can get data from db at first
glance?
does the user using the app have admin user rights on the
machine?
are you accessing db directly through electron app, or some
kind of system wide service (deamon) is communicating with db and
passing results to electron app.
if previous is "yes" how do you communicate the
service with the electron app and how is this secured?
Take a look at source code access discussion:
https://github.com/electron/electron/issues/3041
and also check this article (especially the security part):
https://hackernoon.com/electron-the-bad-parts-2b710c491547
I am setting up a DTAP environment for Google App Maker. Google App Maker enables working in a singe file very well, however there is one use case that I would like to simplify.
For each deployment I need to "know" certain things in the back end script. Things like the ip address of the SQL server, or usernames and passwords. This information needs to be retrieved fast and often, given the stateless nature of google.script.run.
The best solution so far is a settings form, combined with google drive tables and caching. This works, but it is not simple, and things could fail easily. The other approach is hard coded and linked to the deployment url. This is fast and simple, but also means that all the credentials are in the source.
I am looking for a better solution. Apps Script used to have the script properties. Is there a similar option in App Maker, with a UI to maintain the settings.
There is no built-in UI to manage script properties, but App Maker's runtime (Apps Script) provides API to perform CRUD operations on it:
PropertiesService.getScriptProperties().setProperty('testKey', 'testValue');
...and you can 'easily' build the UI on top of this API. In answer for this question are highlighted major steps to achieve this: Google App Maker how to create Data Source from Google Contacts
Here is a feature request for the first party support. You can up-vote it by giving it a star:
https://issuetracker.google.com/issues/73584947
I was thinking of making an app which plays a specific set of small audio files stored away in a firebase database, or any other database on the cloud.
The number of files may exceed hundreds, so wrapping all the files in the app might not be the best of ideas.
I'd really like to know how to go about this problem.
Downloading only the required file from firebase when it's clicked and playing as its being downloaded all the while caching it for future playback seems plausible, but I'm not quite sure how to implement it.
I'd appreciate a few pointers towards this, thanks
Yes. You are thinking in the right direction.
You might use these things.
App UI - Ionic2 will provide you a very nice and easy to implement platform to create a UI. Please refer this documentation for the basics and details about using Ionic2.
Local Storage - You can use this to store downloaded files. In any app where data is relatively large, using local storage is the smart choice. This helps you reducing the size of the initial app to be installed and download the content as and when needed.
A well defined database - Now, whether to use non-structured (No-SQL) or structured (SQL) is the first choice you have to make.
If it's just content - audio files download and play with no complex cross querying the database, then you can choose to use non-structured (No-SQL) database like Firebase database.
But, if you have good requirements for structuring data, query it with constraints like "Give me all the audio files list where a particular user has played it in last 10 days" or "Give me all the users who has played/downloaded a particular audio file more than 10 times" and so on, then you better use structured (SQL) database like PostgreSQL.
RxJS - Now, this might not be very important to do, but, if you use this from the start, it's a good choice. Advantages are, e.g. you might not have to wait for all the file to get downloaded before playing it. Use Observables and Promises for such a mechanism.
Could help with the specifics when needed. Hope this helps. :)
currently I am writing a Windows 8 App with Sqlite as a database. I want to give the user the ability to view his data in every instance of the app on any device. Usually this problem could be easily solved by using a online database like Windows Azure. But this is not an option in my case.
Is it a good idea to use Microsoft's free service "Skydrive" as a platform to synchronize database files among several devices? Does somebody know any open source projects or blogs that are dealing with this problem that could save me some time for writing the necessary code?
If it's a bad idea, which other options are there that I could use. I want to keep Sqlite as the database for my App.
I am glad to get any kind of feedback or links to resources that might help me.
Best regards
Philipp
imo it isn't a good idea cause the access to db files is to easy. Ofc you can say that access to database files is easy cause you need to just know the app data path to package of your app but still it`s much more difficult than just opening skydrive. And think what would happen if someone would make this directory on skydrive as public.
I would combine local db and online db. Online db as a service for synchronizing data and local db for normal work.
We have a Web login feature. We will offer Free calls to a large campaign.
Scenarios:
Because of free calls, we will offer a unique file to be downloaded and stored
After a week or month we will call them and offer them our desktop application to scan and see how trusted, the user is
If we dont find the same file again, we will never start business and more our own statistics
Based on that report we want to do some follow ups campaign
We can do this with cookies but we want user experience and trust analysis
Example:
if you play a music in youtube.com, without notice your file is actually in /tmp/Flash....flv with lot of data on it.
Question:
How can i do the similar using Flex/Flash from the web browser ? Please kindly advise to any link or existing resource..
Thanks in advance.
You cant write file on Client PC trough Flash.
You can use Shared Object which are very similar to Normal Files and they will not be deleted in most cases.
http://learn.adobe.com/wiki/display/Flex/Shared+Objects
Claudio
In short, you can't. Flex in the browser doesn't have any filesystem access.
The only ways to store persistent data from the browser with Flex are through cookies, browser hacks like the evercookie and local shared objects.