1

I'm currently trying to find a way on how to upload an Image from my Android App to DigitalOcean Spaces. I found some tutorial who show that they put their space-key and space-secret-key in the code... Isn't this the worst possible way? Example: How to upload images to Digital Ocean Spaces using AWS SDK for Android?

How to connect to DigitalOcean Spaces without having to show the space-key and space-secret-key to everyone who decompiles my app? Is a PHP Script the solution?

HavanaSun
  • 446
  • 3
  • 12
  • 39
  • Yes, if you put a security key of any sort in an app, assume it will leak. If the key has permissions to do more than upload files, assume it will. If this concerns you, don't put the key in the app, and use a proper authentication scheme to secure the activity to individual user. – Anon Coward Mar 04 '22 at 16:30

0 Answers0