项目需要通过oauth2登录,拿到返回的两个token后,琢磨存储在哪里合适?Android端。
可以存储在SP当中?感觉是不是有点不安全
存储在数据库里?用的是ormlite框架,就为这个得建个表?有没有更好的方式???
高洛峰2017-04-17 17:57:04
If you think it is unsafe to use SP to save, then it is also unsafe to use data inventory. These data are all in the directory of built-in storage /data/data/包名/.
You can consider encrypting the token locally and then persisting it, so that after others get the token, they have to study your code to get the correct token. If you insist on security, your source code will still be exposed, and you have to consider the issue of source code reinforcement.
No matter how you do it, there is no absolute security, right, so I suggest: performing some encryption operations on the token locally, and then using SP for persistence is enough.
