DevIntern

Reputation: 225

How to save persistent values in a Titanium Appcelerator App

I am trying to figure out the best way to securely save user info in my Android mobile app built using Titanium. I am confused about the best way to do it.

It seems that the easiest way is to save it as a property. Something like...

    Ti.App.Properties.setString('user_name', user.name);
    Ti.App.Properties.setString('user_id', user.id);
    Ti.App.Properties.setString('user_sessionid', user.session_id);

This seems great because these properties are persisted, etc. However, based on what I read elsewhere, I am not sure if this is secure / the best way of doing it.

Another approach is to save it as a Global property.

    Alloy.Globals.userid = user.id;
    Alloy.Globals.user_name = user.name;

This is of course not persistent, and so the user has to log in every time. I am curious to know what others are doing, and what is the best practice. Any insight would be appreciated. Thanks!

Upvotes: 2

Views: 907

Answers (2)

Yozef

Reputation: 829

Without a doubt, this module: https://github.com/benbahrenburg/Securely

is the best way to store your 'small' data securely for iOS & Android.

    // Require the securely module into your project
    var securely = require('bencoding.securely');
    // Create the string crypto helper that the calls below use
    var stringCrypto = securely.createStringCrypto();

    // AES encryption
    var plainTextString = "this is a clear text example string";
    // Derive a key from a fresh GUID; the same key is needed again to decrypt
    var usingGUID = securely.generateDerivedKey(Ti.Platform.createUUID());
    // Logs the derived key (demo output only)
    Ti.API.info("Derived key using GUID = " + usingGUID);
    var aesEncryptedString = stringCrypto.AESEncrypt(usingGUID, plainTextString);
    Ti.API.info("aesEncryptedString = " + aesEncryptedString);

    // Later on - decrypt it with the same key
    var aesDecryptedString = stringCrypto.AESDecrypt(usingGUID, aesEncryptedString);
    Ti.API.info("aesDecryptedString = " + aesDecryptedString);

There are also DES (sha256, sha512) encryption methods in the module for you to choose from.

Upvotes: 0

developer82

Reputation: 13713

I suggest you have a look at sculejs (https://github.com/dan-eyles/sculejs) - it's a NoSQL database for JavaScript, and one of its core features is that it encrypts the saved data and keeps it secure.

It was made for more than just small settings you would like to store, but can definitely suit your needs.

You can also use some kind of hashing on strings you would like to store in app settings, and encrypt/decrypt the data you store the way you mentioned in your question.

Upvotes: 1
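
Added example, not part of the question or either answer and not the Securely or sculejs API: the encrypt-before-persist approach both answers point to, written for plain Node.js with a `Map` standing in for `Ti.App.Properties`. The function names and sample values are constructed, and the 32-byte key is assumed to be kept outside the property store (for example in the platform keystore).

```javascript
// Added example. `store` in demo() is a stand-in for Ti.App.Properties.
// Assumption: the 32-byte key is provisioned and kept outside the store.
const crypto = require('crypto');

// Encrypt `value` for property `name` with AES-256-GCM. The property name is
// bound as AAD, so a ciphertext copied under another name will not decrypt.
function sealProperty(key, name, value) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every write
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(name, 'utf8'));
  const ct = Buffer.concat([cipher.update(value, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Return the plaintext, or null when the stored value was modified, moved to
// a different property name, or encrypted under a different key.
function openProperty(key, name, stored) {
  const raw = Buffer.from(stored, 'base64');
  if (raw.length < 28) return null; // needs at least iv (12) + tag (16)
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(name, 'utf8'));
  decipher.setAuthTag(raw.subarray(12, 28));
  try {
    const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    return pt.toString('utf8');
  } catch (e) {
    return null; // authentication failed
  }
}

// Constructed values that mirror the property names used in the question.
function demo() {
  const key = crypto.randomBytes(32);
  const store = new Map();
  const token = 'constructed-session-token';
  store.set('user_sessionid', sealProperty(key, 'user_sessionid', token));
  store.set('user_id', sealProperty(key, 'user_id', '42'));
  return {
    roundTrip: openProperty(key, 'user_sessionid', store.get('user_sessionid')),
    swapped: openProperty(key, 'user_sessionid', store.get('user_id')),
    wrongKey: openProperty(crypto.randomBytes(32), 'user_id', store.get('user_id')),
    leaksPlaintext: store.get('user_sessionid').includes(token),
  };
}
```

The protection is only as good as the key's storage: a key written to the same property store as the ciphertext is readable by anyone who can read the store.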
