Welcome to the official BlackBerry Support Community Forums.
Web and WebWorks Development
Developer
Levion
Posts: 137
Registered: ‎12-22-2010
My Device: Curve 8520
My Carrier: Software Developer
Accepted Solution

Web SQL database encryption

Hi,

I have a WebWorks app with a lot of sensitive data in a Web SQL database.

  • Is it possible to read this data from a second app?
  • Is it necessary to encrypt this data to prevent hacking?
  • What are possible attack scenarios?

Best regards

Developer
Innovatology
Posts: 1,280
Registered: ‎03-03-2011
My Device: Playbook, Z10, Q10, Z30 with Files & Folders and Orbit of course
My Carrier: Vodafone

Re: Web SQL database encryption

Security is always a relative term. Nothing can ever be guaranteed to be 100% secure.

If your database is stored in your app sandbox, no other apps have access to the database file, unless one day BB10 is hacked and the app security sandbox mechanism is compromised.

If a third party can somehow execute JS or native code within your app, they could potentially gain access to the data. If your app downloads or embeds third-party data, make sure you are not vulnerable to injection attacks. If your app loads info from the shared file area, that could be a potential weak spot. If your app is an Invocation Framework client or target, that may be another.

Examine any 3rd party libraries and extensions you may be using for vulnerabilities.

Make sure your signing keys are kept safe.

You might want to investigate how secure backups are, as your app data could be included in those.

If in doubt: hire a security expert. Still no guarantee though.

Files & Folders, the unified file & cloud manager for PlayBook and BB10 with SkyDrive, SugarSync, Box, Dropbox, Google Drive, Google Docs. Free 3-day trial! - Jon Webb - Innovatology - Utrecht, Netherlands
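
The injection advice in the reply above, as an added example that is not part of the original posts: third-party text is written to Web SQL through `?` placeholders instead of string concatenation, and is HTML-escaped before display. The `notes` table, the `appdb` database name, the functions `buildInsert`, `escapeHtml`, `renderNote` and `saveNote`, and the sample feed item are hypothetical and constructed for illustration.

```javascript
// Added example, not from the thread. Table and function names are hypothetical.

// Constructed sample of untrusted third-party data (e.g. one item of a downloaded feed).
const feedItem = {
  title: "x'); DROP TABLE notes; --",
  body: '<img src=x onerror="alert(1)">'
};

// Parameterized statement: the SQL text is constant, data travels only in args.
function buildInsert(item) {
  return {
    sql: 'INSERT INTO notes (title, body) VALUES (?, ?)',
    args: [String(item.title), String(item.body)]
  };
}

// Escape the HTML-significant characters before text is placed into markup.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}

// Render a row as an HTML fragment with every field escaped.
function renderNote(row) {
  return '<li><h3>' + escapeHtml(row.title) + '</h3><p>' + escapeHtml(row.body) + '</p></li>';
}

// Store the item through the Web SQL API using ? placeholders.
function saveNote(db, item, onDone) {
  const stmt = buildInsert(item);
  db.transaction(function (tx) {
    tx.executeSql(stmt.sql, stmt.args,
      function () { onDone(null); },
      function (tx2, err) { onDone(err); return true; }); // true rolls back
  });
}

// Runs only where Web SQL exists (e.g. inside the WebView); skipped elsewhere.
if (typeof openDatabase === 'function') {
  const db = openDatabase('appdb', '1.0', 'app data', 1024 * 1024);
  db.transaction(function (tx) {
    tx.executeSql('CREATE TABLE IF NOT EXISTS notes (title TEXT, body TEXT)');
  });
  saveNote(db, feedItem, function (err) {
    if (!err) console.log(renderNote(feedItem));
  });
}
```

The escaping shown covers HTML text content and quoted attribute values only; data placed into URLs or script needs handling specific to that context.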