I am trying to encrypt communication between a database on my server and a mobile application made in DevExtreme, which uses JavaScript. Their support team gives an example that involves using base64_encode. Is this a safe method? Here is an example for DevExtreme: Example of Authentication Request
I am having trouble understanding how secure this would be. According to my understanding, the mobile app would encrypt the data (so the app has the key/decryption method for the encryption. Wouldn't someone be able to find this key if they have access to the source code of the app?) This encrypted data is then sent over to the server and is decrypted. A message is sent to notify if authentication failed or not.
On top of this, using an SSL connection would create a private connection between the app client and the server.
Sorry, I asked a lot of questions up there! Let me summarize:
Is using base64_encode in DevExtreme safe? I have done some research and seen a lot of articles that say it is easy to crack.
Since the password and username would have to be encrypted/decrypted on the application side as well as the server side, wouldn't this cause issues if the app user was able to gain access to the source code?
Is sending the header/string/JSON file over an SSL connection enough? Would I need to use encryption if I were to use SSL?
What is a guideline to follow, if any, in order to build a secure mobile app? Something similar to this guide, but for mobile apps.
Thanks in advance.