optimus

Reputation: 876

Quickblox: prevent user from creating account

Currently, as per the sample app of Quickblox, the Account key, Service Key and Service secret are stored in the app itself.

My concern is that anybody can easily reverse engineer an app to get these secrets and create any number of fake accounts to troll other users (or even delete accounts?).

Alternatively, even if I generate the session token on the server, a user can get hold of this token and (as per my understanding) achieve the same thing as above.

What I want is to give the user just enough information to log in with his server-generated credentials and send/receive messages.

Is there a way to achieve this? Maybe something like creating a session on the server which allows only login and chat.

Upvotes: 2

Views: 551

Answers (1)

Rubycon

Reputation: 18346

The right way is to obfuscate your Account key, Service Key and Service secret values.

There are a lot of ways to do it; ProGuard can also help with this.

You can also create a session token on the server side and pass this token to your app in some way, for example by having another backend with such an API, so the end user will request a token from that API and then just use it without storing any sensitive data inside the app.

Upvotes: 0
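
The server-side token approach from the answer above, as an added example that is not part of the original answer and is not QuickBlox's own code: the backend keeps the keys and secret, signs a user-bound session request, and returns only the token to the app. It assumes QuickBlox's REST session endpoint, HMAC-SHA1 signing over key-sorted parameters, and a `session.token` response field; the credentials, `issue_token`, and the `app_user` fields are hypothetical.

```python
import hashlib, hmac, json, secrets, time
from urllib import parse, request

# Constructed placeholder credentials; on a real backend these come from
# server-side configuration and are never shipped inside the app.
APP_ID, AUTH_KEY, AUTH_SECRET = "12345", "example-auth-key", "example-auth-secret"
SESSION_URL = "https://api.quickblox.com/session.json"  # assumed endpoint


def signed_session_params(login, password, nonce=None, timestamp=None):
    """Build the signed form fields for a user-bound session request."""
    params = {
        "application_id": APP_ID,
        "auth_key": AUTH_KEY,
        "nonce": str(nonce if nonce is not None else secrets.randbelow(2**31)),
        "timestamp": str(timestamp if timestamp is not None else int(time.time())),
        "user[login]": login,
        "user[password]": password,
    }
    # Assumed scheme: HMAC-SHA1 over the key-sorted "k=v&k=v" string.
    message = "&".join(f"{k}={params[k]}" for k in sorted(params))
    params["signature"] = hmac.new(
        AUTH_SECRET.encode(), message.encode(), hashlib.sha1).hexdigest()
    return params


def http_post(url, fields):
    """Default transport: form-encoded POST, JSON response."""
    data = parse.urlencode(fields).encode()
    with request.urlopen(request.Request(url, data=data), timeout=10) as resp:
        return json.load(resp)


def issue_token(app_user, post=http_post):
    """Backend handler body: app_user is the already-authenticated caller.

    Returns only the session token; keys and secret stay on the server.
    """
    fields = signed_session_params(app_user["chat_login"], app_user["chat_password"])
    body = post(SESSION_URL, fields)
    return {"token": body["session"]["token"]}  # assumed response shape
```

The `post` parameter exists so the outbound call can be replaced with a fake in tests; the app-facing response contains nothing but the token.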
