Amazon SimpleDB - apps - data protection

白昼怎懂夜的黑 submitted on 2019-12-07 12:05:12

Question


I have been using AWS (Amazon Web Services), and in particular SimpleDB, for a couple of smartphone apps using their iOS/Android client libraries.

So far, the data was very benign so I didn't worry too much about data protection.

My next app project will require a "users" table/domain containing usernames and passwords.

What I'm worried about is that if someone reverse-engineers the Android Java version of the app, it will be easy to get all the SimpleDB data, including all the passwords.

The basic TVM thing (Token Vending Machine, where a temporary token replaces the AWS credentials, which are not in the code) doesn't seem to protect against that scenario, so it would be great to hear what people think is the recommended approach to do the login part of the app using AWS without being completely unsafe.

Having the passwords table stored somewhere else/accessed in a different way?

Any comment appreciated, many thanks.


Answer 1:


I can suggest two approaches to keep your app protected:

1st Approach:

You can keep your AWS secret key in a file within your app that will be encrypted using a private key. On start-up, your code will read that file using the public key and can only get your AWS secret key. Please remember the following points in this approach:

  1. Your code must be obfuscated.
  2. Your secret key must be in encrypted form in the file so you will get double protection.
  3. Your file must be digitally signed.

2nd Approach:

You can also create your own web site that will manage your user authentication, and if the user is successfully authenticated it will send the AWS secret key, after encrypting it with a private key, in its response to the app, and your app will use that AWS secret key after decrypting it with the public key. Please remember the following points in this approach:

  1. Your response must be returned in encrypted form.
  2. Your site must be secure and must run on HTTPS.
  3. Your code must be obfuscated.
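
As an added example (not part of the original answer and not code from any AWS library), the sketch below shows the server-side login step of the second approach: the users domain holds salted PBKDF2 hashes rather than passwords, and a successful login returns a short-lived signed token in the spirit of the TVM mentioned in the question. The in-memory `USERS` dict, the function names and the token format are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, os, time

# Assumption: this key exists only on the server and is never shipped in the app.
SERVER_KEY = os.urandom(32)
TOKEN_TTL = 900  # token lifetime in seconds (constructed value)

# Constructed stand-in for the "users" domain: username -> (salt, password hash).
USERS = {}

def hash_password(password, salt):
    """Salted, slow hash so a leaked users domain does not reveal passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def register(username, password):
    salt = os.urandom(16)
    USERS[username] = (salt, hash_password(password, salt))

def login(username, password, now=None):
    """Return a short-lived signed token on success, None on failure."""
    now = time.time() if now is None else now
    # Unknown users still go through one hash computation, then fail the compare.
    salt, stored = USERS.get(username, (b"\0" * 16, b""))
    if not hmac.compare_digest(hash_password(password, salt), stored):
        return None
    claims = {"sub": username, "exp": int(now) + TOKEN_TTL}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    sig = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + sig

def verify(token, now=None):
    """Return the username if the token is authentic and unexpired, else None."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
    except ValueError:
        return None
    expected = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None  # signature checked before the body is parsed
    claims = json.loads(base64.urlsafe_b64decode(body))
    return claims["sub"] if claims["exp"] > now else None

if __name__ == "__main__":
    register("alice", "correct horse")
    token = login("alice", "correct horse")
    print(verify(token), login("alice", "wrong"))
```

With this layout the app only ever sends a username and password over HTTPS and receives a token, so reverse-engineering the client yields no credential that can read the users domain.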



Source: https://stackoverflow.com/questions/12826984/amazon-simpedb-apps-data-protection
