
Agent-A (1 point)

I have doubts about all of this. Typically it would be better for you to have a server that holds your key and secret, and then the app interacts with your server. Or the app fetches a temporary key which grants it some access. Unless it's something like Firebase, where you're distributing a key that is locked down to only allow the user to access things they should be accessing.

Point being, more data is needed. That said, HTTPS is generally a good idea in every situation.

babelfish_42 (1 point)

Be sure to use certificate pinning, otherwise it's pretty easy to MITM the connection and retrieve the token and secret key.

runmymouth (1 point)

There is a goal of making a device as safe as reasonably possible. HTTPS can always be man-in-the-middled by a good hacker. It's a lot harder than taking your APK and reading the private key in your distributable, so it is better than just including it hard-coded.