Комментарии:
Would you like to tell us the way how should we solve the problem ? 🧐
Ответитьthe video explains a problems we all know about but I was expected to get a solution presented.
You tell to use obfuscation okay but show it in practise. All I can think about is encoding but like you said: that's easily decodable.
Then you talk about encryption saying it's way more secure. I agree but if when you compile the app, you code need a way to access the key.
What would you encrypt it with ?
So... end of the story, what is the correct way to store API keys?
ОтветитьЯк завжди, Настя = топ контент 👍
ОтветитьAwesome video! Very informative. Your guest clarified some important concepts.
ОтветитьAwesome new format! I really enjoy that you bring in a subject matter expert to explore the topic some more. Would love to see more of these.
ОтветитьIs this the same for Firebase/Firestore keys?
ОтветитьThanks
ОтветитьThe way I do it is to bundle the secret encrypted within the app, and on the first run, I get a key from the backend to decrypt it. I perform some basic validations (does the request appear to come from a device running my app?) and then return the key. Client decrypts it and stores the decrypted key in the keychain for later usage. Not safe by any means, but tricky enough to discourage unsavvy snoopers.
ОтветитьGreat video! We need to raise our awareness about secure data and PII.
ОтветитьCongratulations 🍾
ОтветитьThis was a fun one :)
ОтветитьIt was my first time recording a 10-minute video with a guest! This video was awesome to create and I hope you've also enjoyed watching it 🚀
Ответить