I created a security system in PHP with MySQL for my website, but through the browser on desktop computers, the session is stored in cookies, and it is easy to know which user is logged in and what their limitations are in each query, since I will have administrators and common users that can be logged into this system.
Now how can I do this in mobile apps in a secure way?
For now I'm learning and developing only for Android, but I plan to create for iOS and Windows Phone in the future as well.
I created a simple active login and password on Android, where it is set only as true or false, to identify when the user is logged in or not.
Now, does anyone have an idea of what can be done so that I can safely store which user is logged in on the mobile phone when making a query in MySQL on my website?
Because I know that in the application the user is left permanently logged in, and not through a session as in a desktop browser.
My fear is that any user who has root access on the phone can access the application's database files on the phone and can modify the information with ease. If someone has malicious intent, it makes it much easier for them to try to hack an encrypted password, since they would have to have a hash stored on the device.
And also, how could my system know which user is logged in, since I will not be able to use sessions in PHP?
Perhaps the solution is simple, but I am totally lost in this matter. Has anyone done something similar and knows a really safe way to have this communication between the app and the website, just like Google apps, Facebook, Instagram and so on?
You can use JSON Web Token (JWT) for authentication.
– Filipe Moraes
Thanks @Filipemoraes, I think this will not solve my problem, because my case is very complicated. But I will try to check how this tool works and see if it is possible to adapt it. Thanks.
– Fernando VR
But if you have not checked how it works, how did you come to the conclusion that it does not solve your problem? Which part does the proposed solution not solve?
– Filipe Moraes
I logged on to the site before replying to you, and verified that it would be an encryption solution along with Find and Code, etc. I have not yet fully seen how it works, whether it is a script that will be stored on my server, or whether it is data stored on the server of this site. And there is also the matter of runtime, speed of information, and server overflow when you have thousands of requests in a short time.
– Fernando VR
Dear friend @Filipemoraes, I think I found a very safe solution. I created an answer here explaining my idea; take a quick look and see what you think: https://answall.com/a/236841/89580
– Fernando VR
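
Added example (not part of the original thread): a minimal HS256 JWT issue/verify pair in PHP, showing how the server can identify the user and role on every request without PHP sessions, and why editing the token stored on a rooted phone does not change what the server accepts. The function names, claim names, `SECRET` value and sample user are assumptions made for this sketch; the app stores only the token, never the password or its hash.

```php
<?php
// Added example: signed-token authentication for a PHP API that cannot use sessions.
// SECRET, the claim names and the sample user below are assumptions for this sketch.
const SECRET = 'replace-with-a-long-random-server-side-key'; // stays on the server only

function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt): string {
    $txt = str_pad($txt, strlen($txt) + (4 - strlen($txt) % 4) % 4, '=');
    return (string) base64_decode(strtr($txt, '-_', '+/'), true);
}

function issue_token(int $userId, string $role, int $ttl = 3600): string {
    $header  = b64url_encode(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $claims  = ['sub' => $userId, 'role' => $role, 'exp' => time() + $ttl];
    $payload = b64url_encode(json_encode($claims));
    $sig     = b64url_encode(hash_hmac('sha256', "$header.$payload", SECRET, true));
    return "$header.$payload.$sig";
}

function verify_token(string $token): ?array {
    $parts = explode('.', $token);
    if (count($parts) !== 3) return null;
    [$header, $payload, $sig] = $parts;
    $head = json_decode(b64url_decode($header), true);
    if (!is_array($head) || ($head['alg'] ?? '') !== 'HS256') return null; // pin the algorithm
    $expected = b64url_encode(hash_hmac('sha256', "$header.$payload", SECRET, true));
    if (!hash_equals($expected, $sig)) return null; // constant-time signature check
    $claims = json_decode(b64url_decode($payload), true);
    if (!is_array($claims) || ($claims['exp'] ?? 0) < time()) return null; // expired or malformed
    return $claims;
}

// Constructed demo: after a successful password check, user 42 (a common user) gets a token.
$token = issue_token(42, 'user');
var_dump(verify_token($token)['role']); // the server reads the role from the verified claims

// The token stored on the phone is edited to claim the admin role, keeping the old signature.
[$h, , $s] = explode('.', $token);
$claims = ['sub' => 42, 'role' => 'admin', 'exp' => time() + 3600];
$forged = $h . '.' . b64url_encode(json_encode($claims)) . '.' . $s;
var_dump(verify_token($forged)); // rejected: the signature does not cover the new payload
```

The app would send the token over HTTPS in an `Authorization: Bearer` header on each request, and the server would take the user id and role only from the array returned by `verify_token`, never from values the client supplies separately.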