I have recently created an app with react-native and my concern is about react-native security. I heard that react-native is not compiled and the code exists as it is in development.
So if we have some sensitive data in variables, what can we do for protecting that?
If you want to protect your react-native app in release, consider the following.
- Always save your sensitive data in shared preferences on Android and keychain on iOS. Here is a nice package: https://github.com/oblador/react-native-keychain
- Use react-native ProGuard.
- Encrypt your data and decrypt when you need it.
- If possible, save your data on the server side.
I'm working on a React/Redux and redux-persist project. I want to know if it's possible to persist my store in a file (example.txt, for example) instead of localStorage or IndexedDB, because I have a big amount of data and Google Chrome triggers an out of memory error when I try to persist it in IndexedDB.
I was going to say no, but after some research, it looks like "maybe". You might be able to leverage the File System Access API. I've never used it, so can't vouch for it. Apparently you need to get direct permission from the user, and probably would need to on every visit to the site.
How large is your data? It's possible indexed DB may work, but you need to use blobs or chunk your data differently.
Check these docs: https://github.com/rt2zz/redux-persist
There are too many storage engines:
## Storage Engines
- **localStorage**: `import storage from 'redux-persist/lib/storage'`
- **sessionStorage**: `import storageSession from 'redux-persist/lib/storage/session'`
- **electron storage**: Electron support via electron store
- **redux-persist-cookie-storage**: Cookie storage engine, works in browser and Node.js, for universal / isomorphic apps
- **redux-persist-expo-filesystem**: react-native, similar to redux-persist-filesystem-storage but does not require linking or ejecting CRNA/Expo app. Only available if using Expo SDK (Expo, create-react-native-app, standalone).
- **redux-persist-expo-securestore**: react-native, for sensitive information using Expo's SecureStore. Only available if using Expo SDK (Expo, create-react-native-app, standalone).
- **redux-persist-fs-storage**: react-native-fs engine
- **redux-persist-filesystem-storage**: react-native, to mitigate storage size limitations in android (#199, #284)
- **redux-persist-indexeddb-storage**: recommended for web via localForage
- **redux-persist-node-storage**: for use in nodejs environments.
- **redux-persist-pouchdb**: Storage engine for PouchDB.
- **redux-persist-sensitive-storage**: react-native, for sensitive information (uses react-native-sensitive-info).
- **redux-persist-weapp-storage**: Storage engine for wechat mini program, also compatible with wepy
- **redux-persist-webextension-storage**: Storage engine for browser (Chrome, Firefox) web extension storage
- **@bankify/redux-persist-realm**: Storage engine for Realm database, you will need to install Realm first
- **custom**: any conforming storage api implementing the following methods: `setItem` `getItem` `removeItem`. (NB: These methods must support promises)
Looks like file-system is supported only in react-native, but you could use different databases.
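The "custom" entry above, combined with the suggestion to chunk the data, as an added example that is not part of the original answers or of redux-persist: a storage engine with the three promise-returning methods that splits each persisted string into fixed-size chunks. The names `createChunkedStorage` and `createMemoryBackend` and the `::meta` / `::part::` key layout are hypothetical; the in-memory backend is constructed to stand in for the real store.

```javascript
// Added example, not redux-persist's own code. `backend` is an assumption: any
// async key-value store exposing getItem/setItem/removeItem.
function createChunkedStorage(backend, chunkSize = 64 * 1024) {
  const metaKey = (key) => `${key}::meta`;
  const partKey = (key, i) => `${key}::part::${i}`;
  const readCount = async (key) => {
    const meta = await backend.getItem(metaKey(key));
    return meta == null ? 0 : JSON.parse(meta).parts;
  };
  return {
    async setItem(key, value) {
      const oldCount = await readCount(key);
      const parts = Math.ceil(value.length / chunkSize);
      for (let i = 0; i < parts; i++) {
        const chunk = value.slice(i * chunkSize, (i + 1) * chunkSize);
        await backend.setItem(partKey(key, i), chunk);
      }
      // Manifest goes last: an interrupted first write reads back as missing.
      await backend.setItem(metaKey(key), JSON.stringify({ parts }));
      // Drop stale chunks left over from a previous, longer value.
      for (let i = parts; i < oldCount; i++) await backend.removeItem(partKey(key, i));
    },
    async getItem(key) {
      const meta = await backend.getItem(metaKey(key));
      if (meta == null) return null;
      const { parts } = JSON.parse(meta);
      const chunks = [];
      for (let i = 0; i < parts; i++) {
        const chunk = await backend.getItem(partKey(key, i));
        if (chunk == null) return null; // incomplete data: treat as missing
        chunks.push(chunk);
      }
      return chunks.join('');
    },
    async removeItem(key) {
      const count = await readCount(key);
      for (let i = 0; i < count; i++) await backend.removeItem(partKey(key, i));
      await backend.removeItem(metaKey(key));
    },
  };
}

// Constructed in-memory backend standing in for the real store in this example.
function createMemoryBackend() {
  const map = new Map();
  const getItem = async (k) => (map.has(k) ? map.get(k) : null);
  const setItem = async (k, v) => { map.set(k, v); };
  return { map, getItem, setItem, removeItem: async (k) => { map.delete(k); } };
}
```

The returned object is what would be passed as `storage` in the redux-persist config, with a real asynchronous store in place of the in-memory backend.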
We wanna create an app that is offline-first. We're trying to use or create an auto sync database that allows working offline with the app. Our client is Flutter and our back-end is Yii2. What is the best solution?
I have developed multiple offline sync applications. I can not tell you about the backend much but I can tell you about the Flutter.
For storing data on your device there are multiple plugins you can use.
- sqflite: It works well on Android and iOS.
- shared_preferences: If you want to support all the platforms then you can use shared preferences, but there might be some security issues here.

For Auto-sync

You can use the internet checker and sync your database with live.
- connectivity_plus: Works well but sometimes it does not trigger the callback for connectivity. (Works well for all the platforms.)
  Note: This plugin does not tell you if the internet is working or not.
- internet_connection_checker: Works well in all cases and also tells you if the internet is actually working or not.

If you want to sync when the app is in the background then you may need to use background_fetch.
Happy Coding ;)
Some years ago I implemented a websocket (Ruby based) on an intranet website to create a one direction message system. Admin types a message and all the clients that are registered on that channel get the message.
It is working well but now that I'm approaching REACTJS I am thinking about replacing the Ruby websocket with a React component.
Starting from an Apache webserver running php and a Ruby websocket in parallel to it what do I have to do to set up an environment running react?
Install Node on Ubuntu?
Install NPM?
What else?
On react side I'm currently learning the basics and I have not approached yet the differences in terms of application beside a compiled app and the dev version. So I expect that also the compiled version will require the same environment as when I am developing. Am I right?
React is solely a front-end/client-side technology, so it has very little to do with the server.
If you develop a React app using something like create-react-app, the development environment they provide allows you to disregard the backend/server-side while you develop. It does this by serving the files on a local webserver.
If you have a server that makes a web socket available, your React component can connect to it and use it.
After development the React code must be transpiled, and all you need is to serve the static files. For example you might end up with a chat.html file that uses styles.css and connect.js, and you'll need a server to respond to requests for those files.
So I would say that if you already have an exposed web socket, you do not need a new production environment on your server.
*If you intend to build a new websocket on Node or if you need to build yourself an additional REST API that's going to require setting up a Node environment on your server*
I'm making an electron application along with create-react-app for the frontend. The application requires an active MQTT connection. So, somewhere in my electron code, I have to include the credentials for accessing the MQTT broker. These credentials are not something that an end user should be aware of, so I decided to hard code it.
After packaging the application with electron builder, for any platform, there's always a .asar file in some resources folder after application installation that can easily be extracted with the help of npm libraries like asar.
After extraction, all of my electron source code is out in the open and so are the credentials. Is there any work around for this?? Is nw.js the only other way to avoid this happening or is there a way to use some c/c++ addons for this??
Also, are there any electron react alternative boilerplates that somehow overcome this?
Code obfuscation is a somewhat ineffective solution for this as the password is still there, it's just hard to find. This is my first electron application so I haven't really found much else on how to overcome this.
I am building two react native apps where I need to keep a few things in common, like username (login) and a few other pieces of information. I tried to store them using AsyncStorage (React Native Storage) and everything was working, but now I need to use one common database for both the apps, as when the user login succeeds in the first app then the other app should also be logged in. As AsyncStorage cannot be used in this case, is there any other option in react native?
The new privacy laws do not let you share the same database between 2 applications. The only thing you can do is put the database online and access it from both apps. At least that is what happens in Europe. Anyway, you can't use the same AsyncStorage for 2 different apps. See more here: https://stackoverflow.com/a/48806319/8898886
In Android, the system design does not permit that. Every app has its own sandbox. In short, an app cannot access the database of another app.
But it could be swindled, at your risk.
You could use a sqlite database, put the database file in a shared directory, and access that file from each app. Please note that each means really each. Every app on the device could access that file, so it is not a safe place for sensitive data.
The best solution, as proposed, is to use an external db, accessible from the network, to store your data. If you believe that the effort is not worth it, you could use Firebase, for example.
You cannot use that locally. But with Firebase you can make 2 apps have the same Firebase Realtime database, so you can share data between the 2 apps (even in real time).
I prefer to use this react-native-firebase library for React Native: https://github.com/invertase/react-native-firebase