No More Posting New Topics!

If you have a question or an issue, please start a thread in our Github Discussions Forum.
This forum is closed for new threads/ topics.

Navigation

    Quasar Framework
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Search

    Cordova Mobile Apps: Signed Builds and Env File

    Framework
    2
    3
    214
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      susansiow last edited by

      screenshot-2.png

      If both backend (with .env file) and frontend files are bundled into a Cordova’s mobile app build, will there still be a risk of malicious attempt to unzip the build and obtain the .env file? If yes, are there any protective measures on this?

      Secondly, what does the ‘DO encrypt all data at rest’ mean in the above context?

      Thanking you in advance!

      1 Reply Last reply Reply Quote 0
      • s.molinari
        s.molinari last edited by

        “Data at rest” usually means persisted data, like in a database. You wouldn’t be encrypting data stored within files on a server.

        I’m not sure what you mean by “backend files being bundled with Cordova”. I’m a noob on Cordova, but I don’t think backend code should ever be a part of a Cordova app. And certainly you wouldn’t bundle up a .env file with a Cordova app. Access to any web API on a client app should be done through the API.

        Scott

        S 1 Reply Last reply Reply Quote 1
        • S
          susansiow @s.molinari last edited by

          @s-molinari Yes, I agree, backend API and client’s app should be separated, thanks for sharing your thoughts!

          1 Reply Last reply Reply Quote 0
          • First post
            Last post