Reputation: 13527
I've found that you can quite easily open up a PhoneGap app and find your way to the source file. So where I previously thought I could have an awesome long secret URL:
```javascript
var USER_ID = getFacebookID();
var secretURL = 'http://www.example.com/api/39848923hbsdfk1wetdfdsdgdfgdfh/getData/' + USER_ID;
```
I now know this won't work, because anyone who checks the code will be able to get data for any other user. So how does one keep this information secret? How would I stop people from gaining access to anybody else's information?
Upvotes: 0
Views: 35
Reputation: 1266
Data security is indeed a huge problem for Cordova/PhoneGap apps. The approach I've settled on is to require the user to enter a password to use the app, and I then use that password and an encryption library like SJCL.js to encrypt any data I want to store. Since I don't store the password, a hacker can't use it to decrypt the data. The downside, though, is that the user needs to enter their password each time they run the app. Hope this helps.
Upvotes: 1
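The approach described in the answer above, as an added example that is not part of the original post: Node's built-in `crypto` module (scrypt plus AES-256-GCM) stands in for SJCL.js so the code runs without dependencies. The function names, the record layout and the scrypt parameters are assumptions made for this example.

```javascript
// Added example: Node's crypto module stands in for SJCL.js.
const nodeCrypto = require('crypto');

// scrypt cost parameters (assumed values; tune for the target devices).
const KDF = { N: 16384, r: 8, p: 1 };

// Derive a 256-bit key from the password. Only the salt is persisted,
// never the password or the derived key.
function deriveKey(password, salt) {
  return nodeCrypto.scryptSync(password, salt, 32, KDF);
}

// Encrypt a string and return a JSON-serialisable record that can be
// written to local storage. A fresh salt and IV are drawn on every call.
function encryptForStorage(password, plaintext) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    v: 1,
    salt: salt.toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ct: ct.toString('base64'),
  };
}

// Decrypt a stored record. Returns null when the password is wrong or the
// record was modified: the GCM tag check fails in both cases.
function decryptFromStorage(password, record) {
  try {
    const key = deriveKey(password, Buffer.from(record.salt, 'base64'));
    const iv = Buffer.from(record.iv, 'base64');
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv);
    decipher.setAuthTag(Buffer.from(record.tag, 'base64'));
    const ct = Buffer.from(record.ct, 'base64');
    return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
  } catch (err) {
    return null;
  }
}
```

This covers data stored on the device only; it has no effect on what the server returns for a given `USER_ID`.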