Shared Preferences is not secure enough to store tokens #593
Assignees
Comments
|
@Sagar2366 please assign me this issue |
Sagar2366
added
enhancement
and removed
unapproved
|
Hello @Hrishikesh-Bhagwat you can use crypto package from flutter pub dev import 'dart:convert'; void main() { var hmacSha256 = Hmac(sha256, key); print(hmacSha256); } |
|
Hi Amul Dhungel! We can use flutter_secure_storage it uses keystore in IOS and AES in android. It will be much better according to me. Thanks for telling me about this too. Actually I have solved this on my end already. There are some conflicts in merging, trying to rectify those! |
|
@Hrishikesh-Bhagwat That's great |
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Issue Description: Sensitive information such as user tokens must not be stored in shared preferences. Some encryption is desirable.
Issue Severity: Medium but can be a big vulnerability
Observed Behavior: Shared preferences stores user tokens in plain text
Expected Behavior: Tokens must be stored using some encryption
Does this issue need immediate attention? Yes
Are you willing to work on this issue: Yes, I will work.
The text was updated successfully, but these errors were encountered: