Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

Web and WebWorks Development


Thank you for visiting the BlackBerry Support Community Forums.

BlackBerry will be closing the BlackBerry Support Community Forums Device Forums on April 1st (Developers, see below)

BlackBerry remains committed to providing excellent customer support to our customers. We are delighted to direct you to the CrackBerry Forums, a well-established and thorough support channel, for continued BlackBerry support. Please visit http://forums.crackberry.com or http://crackberry.com/ask. You can also continue to visit BlackBerry Support or the BlackBerry Knowledge Base for official support options available for your BlackBerry Smartphone.

"When we launched CrackBerry.com 10 years ago, we set out to make it a fun and useful destination where BlackBerry Smartphone owners could share their excitement and learn to unleash the full potential of their BlackBerry. A decade later, the CrackBerry community is as active and passionate as ever and I know our knowledgeable members and volunteers will be excited to welcome and assist more BlackBerry owners with their questions."

- Kevin Michaluk, Founder, CrackBerry.com

Developers, for more information about the BlackBerry Developer Community please review Join the Conversation on the BlackBerry Developer Community Forums found on Inside BlackBerry.


Reply
Developer
Posts: 137
Registered: ‎12-22-2010
My Device: Curve 8520
My Carrier: Software Developer
Accepted Solution

Web SQL database encryption

Hi,

 

I have a Web Works App with a lot of sensitive data in a Web SQL database.

 

  • Is it possible to read this data from a second app?
  • Is it necessary to encrypt this data to prevent from hacking?
  • What are possible attacking scenarios?

best regards

Developer
Posts: 1,280
Registered: ‎03-03-2011
My Device: Playbook, Z10, Q10, Z30 with Files & Folders and Orbit of course
My Carrier: Vodafone

Re: Web SQL database encryption

Security is always a relative term. Nothing can ever be guaranteed to be 100% secure.

 

If your database is stored in your app sandbox, no other apps have access to the database file, unless one day BB10 is hacked and the app security sandbox mechanism is compromised.

 

If a third party can somehow execute JS or native code within your app, they could potentially gain access to the data.  If your app downloads or embeds third-party data, make sure you are not vulnerable to injection attacks. If your app loads info from the shared file area, that could be a potential weak spot. If your app is an Invocation Framework client or target, that may be another.

 

Examine any 3rd party libraries and extensions you may be using for vulnerabilities.

 

Make sure your signing keys are kept safe.

 

You might want to investigate how secure backups are, as your app data could be included in those.

 

If in doubt: hire a security expert. Still no guarantee though.

Files & Folders, the unified file & cloud manager for PlayBook and BB10 with SkyDrive, SugarSync, Box, Dropbox, Google Drive, Google Docs. Free 3-day trial! - Jon Webb - Innovatology - Utrecht, Netherlands