问题
Possible Duplicate:
Storing a password
I am using shared preference to store password. Is it is secure to save the password data as it is, or i have to encrypt it before saving it. Please help me with sample code.
Thanks in Advance,
回答1:
You should never save a password directly, instead save a hash of the password.
回答2:
Short answer: it's pretty secure.
Long answer: first off, if you are creating an application that allows a user to log into a web / remote service, you might want to look into the AccountManager. It's a bit harder to learn the APIs and intergrate with it, but you get some nice benefits:
- Simple multiple account management (all the accounts are stored in the
AccountManager). - Ability to add
SyncAdapters (and writing them will be pretty simplified, since theAccountManagerwill call your adapters with the right account -- you don't have to run the sync for each account manually). - Your app will appear under
Settings > Accounts & sync.
Check out the Sample Sync Adapter in the docs -- it shows how to use the AccountManager (you can ignore the sync stuff if you don't need it).
Now, on to the secureness of storing the password (what follows is valid for both storing the password in SharedPreferences and in AccountManager). As long as the device on which your application is running is not rooted, it is completely secure. No other app but yours can read the password. You can't even read the password if you connect the phone to a PC using a USB cable and use adb pull to try and get the respective file.
However, if the phone is rooted, any app that gets root access can read the password. Also, adb pull works, and you can get to the password in seconds.
Because of this, encryption is recommended (especially if your web / cloud / remote service holds sensitive data). I have used SimpleCrypto in my last project (together with AccountManager) and it works pretty well. In case you're wondering, I just used a constant for the "master password". For added security, I have obfuscated the final build (check out how).
回答3:
No its never secure to store passwords in plain text, remember what happened to Sony recently?
Any java encryption technique will do
来源:https://stackoverflow.com/questions/6355003/android-encrypt-password