Hello Beautiful community of xdadevelopers!
I am just getting started with cordova/phonegap
I was so curious how can I connect to mysql in cordova and display its contents in app. So I came across this website that shows how to achieve the same "https://codesundar.com/phonegap-php-mysql-example/ ". I am basically trying to make android app using my web skills so I came across this ADF 'Cordova'.
I am just in alot of doubts but first one is security. When I write a code in php to connect and fetch data from mysql to display database or use mysql for user login credentials verification and build it into .apk anyone can reverse that and decompile the .apk to fetch the php code and the credentials used to access the database right?
What is the secure way around this?
As I know php is a server side scripting language so .php files are not accessible from browser so that makes it a bit secure but in case of cordova the php files will be compiled in the .apk with cordova build command
Please clear my doubt
introuble361 said:
Hello Beautiful community of xdadevelopers!
I am just getting started with cordova/phonegap
I was so curious how can I connect to mysql in cordova and display its contents in app. So I came across this website that shows how to achieve the same "https://codesundar.com/phonegap-php-mysql-example/ ". I am basically trying to make android app using my web skills so I came across this ADF 'Cordova'.
I am just in alot of doubts but first one is security. When I write a code in php to connect and fetch data from mysql to display database or use mysql for user login credentials verification and build it into .apk anyone can reverse that and decompile the .apk to fetch the php code and the credentials used to access the database right?
What is the secure way around this?
As I know php is a server side scripting language so .php files are not accessible from browser so that makes it a bit secure but in case of cordova the php files will be compiled in the .apk with cordova build command
Please clear my doubt
Click to expand...
Click to collapse
CAN ANYONE MOVE THIS THREAD TO https://forum.xda-developers.com/coding/web-apps ?
I don't have enough privilege to create a thread there
introuble361 said:
Hello Beautiful community of xdadevelopers!
I am just getting started with cordova/phonegap
I was so curious how can I connect to mysql in cordova and display its contents in app. So I came across this website that shows how to achieve the same "https://codesundar.com/phonegap-php-mysql-example/ ". I am basically trying to make android app using my web skills so I came across this ADF 'Cordova'.
I am just in alot of doubts but first one is security. When I write a code in php to connect and fetch data from mysql to display database or use mysql for user login credentials verification and build it into .apk anyone can reverse that and decompile the .apk to fetch the php code and the credentials used to access the database right?
What is the secure way around this?
As I know php is a server side scripting language so .php files are not accessible from browser so that makes it a bit secure but in case of cordova the php files will be compiled in the .apk with cordova build command
Please clear my doubt
Click to expand...
Click to collapse
Create PHP webservices to manipulate data on server.
Consume the services using fetch API or jquery AJAX in cordova app side.
Or you can use Ionic Framework which uses Http to use webservices.
DO Not use server-db credentials inside an app. There is no way to secure the credentials .
It's generally very poor security practice to use cordova in that way.
Related
Just want to know if theres a possible way on how can i modify a .cab browsers programs assigned to connect to a specific server? for example java browsers like ucweb and opera mini connects to a specific address before the app can be use. i already learned to locate those class files in java that holds the address where it connects and able to edit that file and allow the app to connect to my carriers gprs services with no fee. so im now trying to discover and wanted to learn how to edit a cab file, locate the file that holds the address, and modify it just like what i did to most java apps so i can use it free of charge here in the philippines.
hope somebody can give me a hint. thanks alot
i have an app that i want to post an item on a user facebook.
i have found a method to do this, which on paper works - but on windows mobile it doesnt!
i have code that generates a html document with the relevent java script in it to trigger the FB.UI. This Java code opens up a popup window to enable the post to happen, the problem is that if i open up the generated html document in internet explorer it wont work because it automatically blocks pop-ups. Alternativly if i had a web browser control to my app it works, however the page is zoomed in way too much and theres no scroll bars or anyway of navigating the page!
i appreciate any help or suggestions. Using managed .net code (vb)
well, I've been working oonon a Facebook app and well. . Honestly, the only way to do it is using raw http socket communication with custom UI. the webbrowser object is pathetic at best. if you find another solution i would be very interested in knowing what you did. if you want help with Facebook communication, pm me and ill see what i can do to help
Hi, I've created simple proof-of-concept project, how to bypass WinRT sandbox limitations in Metro apps using local service.
Sample + guide is here:
http://suchan.cz/wp7/OutOfSandboxSample.7z
Edit: updated sample for Visual Studio 2012 RTM and Windows 8 RTM, it still works.
Let me know, what you think about real usability and impact on the Windows 8 Metro app model
By design Metro application cannot access underlying PC directly, only using WinRT API and available capabilities. But when you create back-end service for accessing the PC and all data there, it's basically no longer running in sandbox.
The only "problem" is that user must manually install this back-end service, but that won't be a problem using some "social engineering":
User downloads "PC browser" Metro app, user can browse all pictures, music and videos, using WinRT API, but the app also shows message at the bottom:
"Download our PC browser powerpack and browse your entire PC, for FREE"
User is redirected to web page, from where user can download classic desktop installer containing "PC browser" back-end service for accessing files on users entire PC. Once this desktop service is installed, the Metro app can detect it and use it for browsing the entire PC. User is happy, but the WinRT sandbox is compromised.
Of course this won't work on Windows 8 ARM tablets. Using this workaround it could be even possible to build Metro apps for classic desktop apps like antiviruses, torrent/P2P clients, etc.
Click to expand...
Click to collapse
I want to develop an android application which is access MySQL database and display those data in a android client using Mysql, JSON, PHP and android. I tried some examples found in the internet and but i can't program a successful one.
If any one have a this kind of full working example, kindly let me know
Is anyone else having issues importing VPN certificates with Strongswan I just get No Certificates Found in the Strongswan app but the cert shows up in settings.
I don't have my 3 XL yet, but experience tells me your certificates are sitting in a location in which the program can't find them. You might want to see into what directory they need to be moved / loaded.
I am loading the certificates into the built in Android certificate manager and they show up in settings but when the app shows built in Android certificate picker they don't show up. So I don't think it's a location issue because they are showing in Android settings just not when the picker comes up in the strongswan app.
Sent from my Pixel 3 XL using Tapatalk
georgewillims said:
I am loading the certificates into the built in Android certificate manager and they show up in settings but when the app shows built in Android certificate picker they don't show up. So I don't think it's a location issue because they are showing in Android settings just not when the picker comes up in the strongswan app.
Sent from my Pixel 3 XL using Tapatalk
Click to expand...
Click to collapse
You might check to see if the P3 is storing them in a different path than the P2 or other phones. My money says that your picker is simply pointed somewhere the files you need are not. The only other thing to consider is if your picker is looking for a specific file type, a type the target files no longer match. Those are two problems most often associated with the symptoms you are describing. Sorry I can't help further -- still don't have my new phone.
wtharp2 said:
You might check to see if the P3 is storing them in a different path than the P2 or other phones. My money says that your picker is simply pointed somewhere the files you need are not. The only other thing to consider is if your picker is looking for a specific file type, a type the target files no longer match. Those are two problems most often associated with the symptoms you are describing. Sorry I can't help further -- still don't have my new phone.
Click to expand...
Click to collapse
It's not a file picker that comes up if I open Android Settings > Security > Advanced > Encryption & Credentials > User Credentials I can see the imported certificate there but when the dialog comes up in strongswan it says no certificates. There is no way to browse for a file these are certificates that have already been imported into the certificate store on Android. With the OpenVPN app you are able to browse for a certificate but the strongswan app is different it uses the built in certificate store to access them. I am thinking it might be because of an unlocked boot loader my old also Android had a unlocked boot loader but the new Pixel has the Titan M and there are also probably security changes in the new Android 9 or maybe the strongswan app just needs to be updated. But I ended up just using less secure username/password auth instead of certificates for now.
Same issue with my pixel 3. Im guessing ovpn works because certs are embedded in the ovpn config file. My ipsec p12 cert is installed, but strongswan can't read it.
I'm also unable to log into Express VPN. Express works on my old pixel 2 and other devices. As others mentioned I'm guessing it's related to the TitanM protection of certificates and the apps not currently supporting it. Hopefully soon enough.
Digging into my ExpressVPN issue I touched on above, its related to a premature 7.x release - currently in the play store. If you downgrade to 6.8 Express VPN works fine on the Pixel3