Security question MobileServiceClient

TestXamarin.2906TestXamarin.2906 USMember ✭✭

Hello,

I have a question about the way the app is getting connecter to the mobile service.

this is the way I do it :
MobileService = new MobileServiceClient(
"url",
"key",
handler
);

is it really safe to write the url and the key directly ? If someone can reverse the code he will get the key?

Thank you

Tagged:

Posts

  • up :)

  • JamesLaveryJamesLavery GBBeta, University ✭✭✭✭✭
    No it's not secure. You should store these values in a (preferably encrypted) file and read them into variables at runtime.
  • PierceBogganPierceBoggan USForum Administrator, Xamarin Team, Developer Group Leader Xamurai

    @TestXamarin.2906: Additionally, any of the recent versions of MobileServiceClient class from the Azure Mobile Apps assembly no longer use API keys.

  • @PierceBoggan said:
    @TestXamarin.2906: Additionally, any of the recent versions of MobileServiceClient class from the Azure Mobile Apps assembly no longer use API keys.

    Sure. But does it make it secure or should I do Like @JamesLavery said?

  • JamesLaveryJamesLavery GBBeta, University ✭✭✭✭✭
    I would still store the url in a file and read it in at runtime. Then it's not exposed in your code.

    You should also make sure you don't ship code which logs information with secure data in it - this is easily visible via the device log to someone with debug tools.
Sign In or Register to comment.