FORUMS
Remove All Ads from XDA

Cordova Security doubt

8 posts
Thanks Meter: 0
 
By introuble361, Junior Member on 13th August 2018, 11:57 PM
Post Reply Email Thread
Hello Beautiful community of xdadevelopers!



I am just getting started with cordova/phonegap

I was so curious how can I connect to mysql in cordova and display its contents in app. So I came across this website that shows how to achieve the same "https://codesundar.com/phonegap-php-mysql-example/ ". I am basically trying to make android app using my web skills so I came across this ADF 'Cordova'.



I am just in alot of doubts but first one is security. When I write a code in php to connect and fetch data from mysql to display database or use mysql for user login credentials verification and build it into .apk anyone can reverse that and decompile the .apk to fetch the php code and the credentials used to access the database right?

What is the secure way around this?

As I know php is a server side scripting language so .php files are not accessible from browser so that makes it a bit secure but in case of cordova the php files will be compiled in the .apk with cordova build command



Please clear my doubt
 
 
17th August 2018, 05:08 PM |#2  
OP Junior Member
Thanks Meter: 0
 
More
Quote:
Originally Posted by introuble361

Hello Beautiful community of xdadevelopers!



I am just getting started with cordova/phonegap

I was so curious how can I connect to mysql in cordova and display its contents in app. So I came across this website that shows how to achieve the same "https://codesundar.com/phonegap-php-mysql-example/ ". I am basically trying to make android app using my web skills so I came across this ADF 'Cordova'.



I am just in alot of doubts but first one is security. When I write a code in php to connect and fetch data from mysql to display database or use mysql for user login credentials verification and build it into .apk anyone can reverse that and decompile the .apk to fetch the php code and the credentials used to access the database right?

What is the secure way around this?

As I know php is a server side scripting language so .php files are not accessible from browser so that makes it a bit secure but in case of cordova the php files will be compiled in the .apk with cordova build command



Please clear my doubt


CAN ANYONE MOVE THIS THREAD TO https://forum.xda-developers.com/coding/web-apps ?
I don't have enough privilege to create a thread there
18th August 2018, 12:59 PM |#3  
karandpr's Avatar
Developer Relations / Senior Moderator / Recognized Developer- Lord of Memes
Thanks Meter: 8,934
 
More
Quote:
Originally Posted by introuble361

Hello Beautiful community of xdadevelopers!



I am just getting started with cordova/phonegap

I was so curious how can I connect to mysql in cordova and display its contents in app. So I came across this website that shows how to achieve the same "https://codesundar.com/phonegap-php-mysql-example/ ". I am basically trying to make android app using my web skills so I came across this ADF 'Cordova'.



I am just in alot of doubts but first one is security. When I write a code in php to connect and fetch data from mysql to display database or use mysql for user login credentials verification and build it into .apk anyone can reverse that and decompile the .apk to fetch the php code and the credentials used to access the database right?

What is the secure way around this?

As I know php is a server side scripting language so .php files are not accessible from browser so that makes it a bit secure but in case of cordova the php files will be compiled in the .apk with cordova build command



Please clear my doubt

Create PHP webservices to manipulate data on server.
Consume the services using fetch API or jquery AJAX in cordova app side.
Or you can use Ionic Framework which uses Http to use webservices.

DO Not use server-db credentials inside an app. There is no way to secure the credentials .
It's generally very poor security practice to use cordova in that way.
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes