在Android应用程序中存储用户设置的最合适的方法是什么？ [英] What is the most appropriate way to store user settings in Android application

问题描述

我正在创建一个使用用户名/密码连接到服务器的应用程序，并且我想启用保存密码选项，以便用户在每次应用程序启动时都不必键入密码。

I am creating an application which connects to the server using username/password and I would like to enable the option "Save password" so the user wouldn't have to type the password each time the application starts.

我正在尝试使用共享首选项，但不确定这是否是最佳解决方案。

I was trying to do it with Shared Preferences but am not sure if this is the best solution.

关于如何在Android应用程序中存储用户值/设置的建议。

I would appreciate any suggestion on how to store user values/settings in Android application.

推荐答案

一般来说，SharedPreferences是存储首选项的最佳选择，所以一般来说，我建议保存应用程序和用户设置的方法。

In general SharedPreferences are your best bet for storing preferences, so in general I'd recommend that approach for saving application and user settings.

这里唯一关心的是您正在保存的内容。密码永远是一个棘手的存储，我会特别警惕地将它们存储为明文。 Android架构是这样的，您的应用程序的SharedPreferences是沙盒，以防止其他应用程序能够访问值，所以有一些安全性，但对手机的物理访问可能允许访问值。

The only area of concern here is what you're saving. Passwords are always a tricky thing to store, and I'd be particularly wary of storing them as clear text. The Android architecture is such that your application's SharedPreferences are sandboxed to prevent other applications from being able to access the values so there's some security there, but physical access to a phone could potentially allow access to the values.

如果可能，我会考虑修改服务器以使用协商的令牌来提供访问，像 OAuth的。或者，您可能需要构建某种加密存储，尽管这不是平凡的。至少，请确保您在将密码写入磁盘之前加密密码。

If possible I'd consider modifying the server to use a negotiated token for providing access, something like OAuth. Alternatively you may need to construct some sort of cryptographic store, though that's non-trivial. At the very least, make sure you're encrypting the password before writing it to disk.

这篇关于在Android应用程序中存储用户设置的最合适的方法是什么？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！