Cordova Mobile Apps: Signed Builds and Env File
If both backend (with .env file) and frontend files are bundled into a Cordova’s mobile app build, will there still be a risk of malicious attempt to unzip the build and obtain the .env file? If yes, are there any protective measures on this?
Secondly, what does the ‘DO encrypt all data at rest’ mean in the above context?
Thanking you in advance!
s.molinari last edited by
“Data at rest” usually means persisted data, like in a database. You wouldn’t be encrypting data stored within files on a server.
I’m not sure what you mean by “backend files being bundled with Cordova”. I’m a noob on Cordova, but I don’t think backend code should ever be a part of a Cordova app. And certainly you wouldn’t bundle up a .env file with a Cordova app. Access to any web API on a client app should be done through the API.
@s-molinari Yes, I agree, backend API and client’s app should be separated, thanks for sharing your thoughts!