You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@flex.apache.org by leokan23 <le...@best-web.gr> on 2019/03/08 15:58:26 UTC

Encrypt or Hide sensitive data

I am working on a new project, which needs to be a bit more secure than
usual. In the app there are several keys for 3rd party services (like push
notifications for example). This keys are used as String and I want to
encrypt them or hide them somehow, to avoid someone decompiling the app and
getting them.

What would be the best approach? 



--
Sent from: http://apache-flex-users.2333346.n4.nabble.com/

RE: Encrypt or Hide sensitive data

Posted by Jeff Dafoe <je...@gmail.com>.

Use a service to retrieve the keys before they’re needed for whatever.  The service should send them via an encrypted message, then decrypt into memory.  Clear the var as quick as possible when done.



________________________________
From: leokan23 <le...@best-web.gr>
Sent: Friday, March 8, 2019 10:58:26 AM
To: users@flex.apache.org
Subject: Encrypt or Hide sensitive data

I am working on a new project, which needs to be a bit more secure than
usual. In the app there are several keys for 3rd party services (like push
notifications for example). This keys are used as String and I want to
encrypt them or hide them somehow, to avoid someone decompiling the app and
getting them.

What would be the best approach?



--
Sent from: http://apache-flex-users.2333346.n4.nabble.com/

Re: Encrypt or Hide sensitive data

Posted by bilbosax <wa...@comcast.net>.
I pull a key and credentials from a database service that gets encrypted
through HTTPS.  I then use that key to encrypt data in a local sqllite
database.  I made it so I have to pull the key from the service everytime I
want the encrypted data from my local Sqllite.  Just don't ever lose the key
;)

Don't know how secure this is, but it was the approach I took.



--
Sent from: http://apache-flex-users.2333346.n4.nabble.com/

Re: Encrypt or Hide sensitive data

Posted by leokan23 <le...@best-web.gr>.
This is what I usually do, but what about the first credentials? They are
still available within the app. I mean the credential to authenticate the
service.



--
Sent from: http://apache-flex-users.2333346.n4.nabble.com/