Application passwords and SQLite security
Posted
by Bryan
on Stack Overflow
See other posts from Stack Overflow
or by Bryan
Published on 2010-04-22T21:09:19Z
Indexed on
2010/04/22
21:13 UTC
Read the original article
Hit count: 414
I have been searching on google for information regarding application passwords and SQLite security for some time, and nothing that I have found has really answered my questions.
Here is what I am trying to figure out:
1) My application is going to have an optional password activity that will be called when the application is first opened. My questions for this are a) If I store the password via android preference or SQLite database, how can I ensure security and privacy for the password, and b) how should password recovery be handled?
Regarding b) from above, I have thought about requiring an email address when the password feature is enabled, and also a password hint question for use when requesting password recovery. Upon successfully answering the hint question, the password is then emailed to the email address that was submitted. I am not completely confident in the security and privacy of the email method, especially if the email is sent when the user is connected to an open, public wireless network.
2) My application will be using an SQLite database, which will be stored on the SD card if the user has one. Regardless of whether it is stored on the phone or the SD card, what options do I have for data encryption, and how does that affect the application performance?
Thanks in advance for time taken to answer these questions. I think that there may be other developers struggling with the same concerns.
© Stack Overflow or respective owner