把你的用户名和密码放在客户端android应用里安全吗
[英]Is it safe to put your username and password in the client android application
问题描述
so I'm developing an application in android studio using Java. I'm using this service on my client application that needs my username and password.
所以我正在 android 工作室使用 Java 开发一个应用程序。我在需要我的用户名和密码的客户端应用程序上使用此服务。
private Rsms s= new Rsms("Username","Password");
but I don't feel it's safe to just put my username and password in the code.但我觉得把我的用户名和密码放在代码中是不安全的。
2 个解决方案
解决方案1
4 已采纳 2022-04-22 13:18:57
Your feeling is right.你的感觉是对的。 It is not recommended to store your password in source code.不建议将密码存储在源代码中。 Instead you can store it maybe in protected section .相反,您可以将其存储在protected section中。 You could use EncryptedSharedPreferences from the Jetpack security library like this :您可以像这样使用 Jetpack 安全库中的EncryptedSharedPreferences :
String masterKeyAlias = MasterKeys.getOrCreate(MasterKeys.AES256_GCM_SPEC);
SharedPreferences sharedPreferences = EncryptedSharedPreferences.create(
"secret_shared_prefs",
masterKeyAlias,
context,
EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
);
// use the shared preferences and editor as you normally would
SharedPreferences.Editor editor = sharedPreferences.edit();
As already discussed in many threads, there is no "really secure" solution in Android. It is better if the user authenticates his password on the server.正如在许多线程中已经讨论的那样,Android 中没有“真正安全”的解决方案。用户最好在服务器上验证其密码。 If it is a developer web service, then in most cases you have an API that you can use.如果是开发者 web 服务,那么在大多数情况下你有一个 API 可以使用。 Then you can work with access tokens .然后您可以使用访问令牌。
解决方案2
0 2022-04-24 08:22:10
Try to save it with encryptedSharedPrefrences: https://github.com/behnamnasehi/EncryptedSharedPreferences尝试使用 encryptedSharedPrefrences 保存它: https://github.com/behnamnasehi/EncryptedSharedPreferences
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.