1

I'm working on an android project that gets the students marks from the website.
How to send the user name and the password securely? (I need some codes)
If I use the sharedpreferences to save the user name and the password, is that secure?

Note:

  1. I have no access to the database (the web developer will print the data in the web page <a herf="http://saif-test.zxq.net/subject.php?name=2013"> example </a>). User name and password will send like "www.example.com/marks?user=myusername&pass=password" or UrlEncodedFormEntity(data) and the app handled the received data.
  2. The website has SSL connection

Thank you.

mfaerevaag
  • 730
  • 5
  • 29
Saif Hamed
  • 1,084
  • 1
  • 12
  • 17

1 Answers1

4

SharedPreferences are pretty secure to store credentials, but it would more secure if you could store them encrypted. So once the user entered his credentials, store them encrypted. The encrypt/decrypt key could be computed at runtime based on some unique device information. That is up to you.

Second, if you have SSL on website, then I don't see reasons to worry when it comes to sending data over https. For above reason, I wouldn't make any requests that contain user credentials in URI, but rather send them over encrypted POST. The http engine will do automatically that for you if you're using https/ssl.

I don't see what code would you need further on ... A very good post can be found on developer.android for https, when it comes to encryption, you could base on this SO thread, while SharedPreferences are trivial to use.

Good luck!

Community
  • 1
  • 1
gunar
  • 14,660
  • 7
  • 56
  • 87