在运行时在Java(android)中存储敏感数据
[英]Storing sensitive data in java(android) at runtime
问题描述
Is it safe to store sensitive data (passwords, etc.) in usual variables at runtime? 
在运行时将敏感数据(密码等)存储在常规变量中是否安全?
I mean something like this: 我的意思是这样的:
public class MainActivity extends AppCompatActivity {
// ...
String password; // this is my password
// ...
public void click(View v) { // on some button click
password = txtPassword.getText().toString(); // txtPassword is an EditText field
// ...
}
void someMethod() {
Intent intent = new Intent(this, SomeActivity.class);
intent.putExtra(password); // password needs to be passed to other activities
startActivity(intent);
}
// ...
}
This password has to be stored until user exits app. 该密码必须存储,直到用户退出应用程序为止。 Almost every activity needs it, so i have to pass it fro MainActivity when calling new Activity. 几乎每个活动都需要它,因此在调用新的活动时,我必须从MainActivity传递它。
Is it safe to store password like on example above? 是否可以像上面的示例一样安全地存储password ? If not then how should I do it? 如果没有,我该怎么办?
1 个解决方案
解决方案1
2 已采纳 2018-02-10 15:17:57
The problem is not how you use your password inside you code but how you retrieve it. 问题不在于您如何在代码内使用密码,而是如何获取密码。 For example, if you retrieve your data from an api without any kind of encryption, somebody can steal the packages in the network and get the password. 例如,如果您不经过任何加密就从api检索数据,则有人可以窃取网络中的程序包并获取密码。 Other thing is if you save your paswoord in a shared preferences, it can be easily steel it if you have access to the cellphone une a remote terminal. 另一件事是,如果您将paswoord保存在共享的首选项中,并且可以访问手机和远程终端,则很容易使它变硬。 so, if you want to be save with you password retrieve it from an safe api and use encryption in all the process to avoid any kind of steel. 因此,如果要保存密码,请从安全的api检索密码,并在整个过程中使用加密以避免任何形式的攻击。 After that, you can use it as you wish inside the logic of you app 之后,您可以根据需要在应用程序逻辑中使用它
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.