
What's the best way to ensure privacy during communication between Cordova based mobile app and

Question:

I've built a mobile app based on Cordova, for both iOS and Android. I need to secure the communication between the app and the server. Requests to the server, in JavaScript, look like this:

request.open("GET", 'http://url/service?firstElement='+elem+'&secondElement='+elem2, false);

I've tried to use RSA encryption, generating the public and private keys locally using the pidCrypt libraries. A 2048-bit key takes too long to generate, so I've used 512 bits. The server is not able to decrypt the message.

I'm looking for a better solution.

Answer1:

Try Using Send Ajax Request, Like This. I assume that you use php for Dynamic code (Server Side).

Here is a sample of the HTML file which is present in your cordova, phonegap directory.

<form method="post" action="#!">
  <div class="col-md-4">
    <span class="help-block">Name</span>
    <input type="text" name="username" class="form-control" />
  </div>
  <br>
  <div class="col-md-4">
    <span class="help-block">Password</span>
    <input type="password" name="password" class="form-control" />
  </div>
  <!-- return false stops the browser's own form submit so only the AJAX call runs -->
  <input type="submit" value="Save" class="btn btn-success right" onClick="UpdateRecord(); return false;" />
</form>

<script>
// Read the two form fields and post them to the login endpoint via AJAX.
function UpdateRecord() {
  var username = $("[name='username']").val();
  var password = $("[name='password']").val();
  jQuery.ajax({
    type: "POST",
    url: "php/login.php", /* Or */ /*url: "https://www.yoursite.com/page",*/
    // Passing an object lets jQuery URL-encode each value.
    data: { username: username, password: password },
    dataType: "html",
    cache: false,
    success: function (response) {
      if (response == 'true') {
        $.session.set("myVar", username);
        window.location.href = 'profile.html';
      } else {
        $("#errorMessage").html("Invalid Entry, Please Try Again");
      }
    }
  });
}
</script>

And the PHP file to handle the query.

Please note that the code is not tested and it may change as per your need. You can perform any encryption method and use any function here.

<?php
session_start(); // must run before anything is written to $_SESSION
include 'config.php';

// The mysql_* extension used here was removed in PHP 7.0; on current PHP
// port these calls to mysqli or PDO with prepared statements.
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);

if (!empty($username) && !empty($password)) {
    //$result = mysql_query("SELECT * FROM ".$db.".users WHERE username='$username' and password ='$password'");
    $result = mysql_query("select * from ".$db.".users WHERE email = '$username' ");
    while ($data = mysql_fetch_row($result)) {
        $original_password = $data[3];
        $salt = $data[4];
        $hashedPass = sha1($salt.$password);
        $fullusername = $data[16]." ".$data[17]; // Used only to create the full name session
        // hash_equals (PHP 5.6+) compares in constant time and avoids the
        // loose '==' treating numeric-looking hashes as equal.
        if (hash_equals($original_password, $hashedPass)) {
            $_SESSION['username'] = $fullusername;
            $_SESSION['useremail'] = $username;
            $_SESSION['UserID'] = $data[0];
            echo 'true';
        }
    }
}
?>

Edit

request.open("GET", 'http://url/service?firstElement='+elem+'&secondElement='+elem2, false);

Avoid using the GET method when sending sensitive data.

Edit, Helpful Link

Local storage protection in phonegap application: https://stackoverflow.com/questions/20406291/local-storage-protection-in-phonegap-application?rq=1
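
Added example, not part of the original question or answer: it audits a request shaped like the one in the question (cleartext http:// plus values in a GET query string) and rebuilds it as an HTTPS POST with the values URL-encoded in the body, which is the advice the answer's edit gives. The function names and the host api.example.test are hypothetical, and fetch is assumed to be available in the WebView.

```javascript
// Hypothetical helper: report the two problems visible in the question's request line.
function auditRequest(method, rawUrl) {
  const url = new URL(rawUrl);
  const findings = [];
  if (url.protocol !== "https:") {
    findings.push("cleartext-transport"); // readable and modifiable on the network
  }
  if (method.toUpperCase() === "GET" && [...url.searchParams].length > 0) {
    findings.push("data-in-query-string"); // query strings end up in server and proxy logs
  }
  return findings;
}

// Hypothetical helper: describe the same call as an HTTPS POST with the values in the body.
function buildSecureRequest(endpoint, params) {
  const url = new URL(endpoint);
  if (url.protocol !== "https:") {
    throw new Error("refusing non-HTTPS endpoint: " + url.origin);
  }
  if (url.search !== "") {
    throw new Error("endpoint must not carry query parameters");
  }
  return {
    url: url.href,
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: new URLSearchParams(params).toString(), // percent-encodes each value
  };
}

// Asynchronous send (the question's third argument `false` made the XHR synchronous).
async function send(endpoint, params) {
  const { url, ...init } = buildSecureRequest(endpoint, params);
  const response = await fetch(url, init);
  if (!response.ok) throw new Error("HTTP " + response.status);
  return response.text();
}

// Constructed sample input modelled on the question's request.
const legacyUrl = "http://api.example.test/service?firstElement=a&secondElement=b";
console.log(auditRequest("GET", legacyUrl));
console.log(buildSecureRequest("https://api.example.test/service",
  { firstElement: "a b", secondElement: "x&y=z" }).body);
```

With TLS protecting the transport, the app-side RSA key generation described in the question is not needed for confidentiality in transit.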
