是否在PhoneGap中保护敏感信息? [英] Securing sensitive information in PhoneGap?

问题描述

我有许多要保护的REST API密钥(Google地方信息等).阅读Google网上论坛和SO似乎不是解决方案，也不是使用钥匙串，所以当IPA包可以拆包和阅读时，您如何建议加密/保护敏感信息? (我不想在Objective-C中重写应用程序).

I have a number of REST API Keys (Google Places, etc) that I want to secure. Reading Google Groups and SO it seems obfuscation isn't a solution, neither is using the Keychain, so how do you suggest encrypting/securing sensitive information when the IPA package can just be unpacked and read? (I don't want to rewrite the application in Objective-C).

推荐答案

如果您可以选择自己托管网络服务，则可以让设备与自己的服务器通话，而不是与Google的服务器通话.它可以充当代理:设备使用您选择的方案对您的服务进行身份验证，而永远不会看到安全地驻留在您的服务器上的API密钥.该过程与网站上的工作过程非常相似(浏览器也不直接与后端服务提供者对话，而Web服务器代表它进行对话).

If you have the option of hosting a web service yourself, you can have the device talk to your own server instead of Google's. It would act as a proxy: The device authenticates to your service using a scheme of your choosing and never gets to see the API key, which rests securely on your servers. The process is very similar to how it would work on a web site (where also the browser does not talk to the backend service provider directly, but the web server does it on its behalf).

这篇关于是否在PhoneGap中保护敏感信息?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！