Android:数据库如何安全应用程序 [英] Android: How safe is database packed with application
问题描述
我想知道它是如何安全的打包数据库与android中的应用程序。数据库可以被用户轻松访问吗?因为我拥有的数据库会有数据,我不想被用户误用,在移动应用程序中保护数据库的最好方法是什么?
我的应用程序将使用Web服务(联系我自己的网站)例如http:\www.mysite.com / services / xxx
我的网站将依次向移动应用返回一些数据。如果有人反编译java代码(在apk中),他将很容易访问我用于Web服务的URL。我如何保护我的网站上的数据被恶意用户攻击。如果任何人知道的URL,他可以在浏览器中输入该URL,并获取所有我不想要的数据,json格式的所有数据,可以是相当敏感。即使我保持编码,用户可以从java代码(他在反编译APK后获得)中获得编码。
如何保持我的数据库安全
如果我的应用程序是要显示当地的地方,如餐馆,酒吧等在手机上,我应该总是使用网络服务从网站提取他们,或提供一个本地数据库,以便可以快速获取这些信息。在这种情况下,我可以提供一个UPDATE Web服务,它将更新本地数据库。但是我非常关心本地数据库的安全。
任何人都可以建议在哪里保存数据库以及如何保护数据库?
Rgds,
Sapan
本地数据库和您的apk文件可以由任何带根设备。 此工具甚至可以反编译您的资源,如这个YouTube教程(我从来没有尝试过自己)。
因此,您必须将您的数据存储在您的数据库中,并从您的应用程序代码解密,以确保没有人可以通过简单地获取数据库形式的 data 目录
您不应该将敏感数据(如密码等)放在资源文件夹中,因为它可以被反编译,放在代码中。 p>
现在给你的JSON API一些字。隐藏URL是不够的,因为用户可以通过嗅探器轻松跟踪您的请求,并得到它。您应提供身份验证机制以保护未经授权的访问,并通过SSL保护您的通信。 (例如使用 HTTP验证 - 只有在您的服务器提供SSL时才有意义。)
这是你应该考虑的事情,决定你的数据实际上是多么敏感。
I want to know how safe it is to pack the database with the application in android. Can the database be easily accessed by the users? As the database that I have will have data which I dont want to be hacked by users for misuse, what is the best way to protect the database in mobile apps?
Also my application would use web service(contacting my own website) e.g. http:\www.mysite.com/services/xxx
My site will in turn return some data to the mobile app. If someone decompiles the java code(in apk), he will easily get access to the URL i am using for web service. How can i protect my data on website to be attacked by malicious users. If anyone gets to know the URL, he can simply type that URL in browser and get all data in json format which i dont want as that data can be quite sensitive. Even if I keep it encoded, then the user can get to know the encoding from the java code(which he gets after decompiling apk).
How to keep my DB safe from being misused?
If my application is to show the local places like restaurants, bars etc on mobile should i always fetch them from the website using web service or provide a local database with these details so that information can be fetched quickly. In this case , I can provide a UPDATE web servcie which will update the local database. But security of local DB is of great concern to me.
Can anyone please suggest where to keep the DB and how to safeguard it?
Rgds, Sapan
Local databases and your apk file can be read by any rooted device easily. This tool can even decompile your resources as explained in this youtube tutorial (I never tried that myself actually).
So you would have to store your data encrypted in your database and decrypt it form your application code to be sure that noone can access it by simply getting the database form the data directory of his device.
You shouldn't put your sensitive data (like passwords etc) in the resource folder, because it can be decompiled, put it in your code.
Now some words to your JSON API. Hiding the URL is not enough, since the user can track your requests easily by a sniffer and get that anyway. You should provide a authentication mechanism to protect unauthorized access and also protect your communication by SSL. (E.g. using HTTP authentication - makes only sense when your server provides SSL.)
This are the things you should think about and decide yourself how sensitive your data actually is.
这篇关于Android:数据库如何安全应用程序的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
