Store client secret securely

说谎 2020-12-16 05:43

I know that a public client shouldn't use a client secret because, no matter how much you obfuscate it, it won't be protected from reverse engineering.

But, the

5 answers
  •  再見小時候
    2020-12-16 06:01

    This article suggests these options, from less to more secure:

    1. Store in cleartext

    2. Store encrypted using a symmetric key

    3. Using the Android Keystore

    4. Store encrypted using asymmetric keys

    Probably, using a combination of #4 and some way to univocally identify the device would be secure enough
