Комментарии:
Or you can just put your keys in build variable
ОтветитьBut, if I keep the key on some server, than I have another key in my app that is used for getting the key from the server. The attacker can then find this second key used for getting the one on the server, so how does this improve security?
ОтветитьI'm not sure if I understand you correctly
you want to save the APIs on server
Okay where on the server and how you are going to request them in the app??
Whenever I got new things to handle I always search in your playlist, same happened now as-well, I was looking for ssl issue and new content is here😃. Could plz make a video on dynamic ssl pinning when certificate expires.
ОтветитьCan you make a tutorial on implementing the SHA1 fingerprint in the Ktor server?
ОтветитьIam the attacker. I was looking for your tasky app api
ОтветитьThere is no way!
In app - decompile
From server - sniffer
It's practically impossible to hide secrets on the client. Security through obscurity is the only possible protection, but I'll be glad if somebody proves me wrong
Ответитьof course, everything that is in client could be modified by the client, for security, better to do it on the server instead
Ответить