Do I need a type of encryption for connecting to an external database in Xamarin
Question
I'm currently working in a crossplatform app using Xamarin. The user can log in and sign up, to do this I need to connect to my external database which hosted in 000webhost.
I'm using this code to connect to my database and create an account.
HttpClient http = new HttpClient();
string ss = "https://testdatabase.000webhost.com/database.php";
var formContent = new FormUrlEncodedContent(new[]{
new KeyValuePair<string,string>("Name", name.Text),
new KeyValuePair<string,string>("Email",email.Text),
new KeyValuePair<string,string>("Mobile",mobile.Text),
new KeyValuePair<string,string>("Password",pass.Text)
});
HttpResponseMessage response = await http.PostAsync(ss, formContent);
var responsedone = await response.Content.ReadAsStringAsync();
So here is where my question is... Is this a safe way to connect to my database. If not, what can I do or change?
Thanks in advance!
1 answers
solution1
0 2017-12-13 18:11:34
How are HTTP requests to that server authenticated (Can somebody other than you make requests to the server)? Do you trust 000webhost with your users' passwords? Do your users trust 000webhost with their passwords? Are the passwords hashed prior to being stored in the database? The usage of SSL/TLS only provides safety from third parties snooping on the traffic across the network, but does not automatically make everything safe and secure.
To me, your solution looks unsafe and is asking for trouble. You should research how to properly authenticate users. Here is a document from OWASP with some guidelines https://www.owasp.org/index.php/Authentication_Cheat_Sheet
Possibly look into OAuth or OpenId to authenticate your users instead of hand rolling your own authentication.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.