Mixing
How safe is it to use OkHttp
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}
How safe is it to use OkHttp3 for your REST API?
For example, if my website has some login/signup process, and my app sends requests with OkHttp3 client. How much can I trust that someone can't take his phone, plug it into Android Studio and look into the logs and find the links for all the requests I'm calling?
There's also the matter of decompiling the app, and easily accessing the base Uri I'm using in my app.
I'm not sure how OkHttp works, so can someone tell me about the security used in the client and how much I can trust it?
android networking okhttp3 asked Dec 24 '18 at 7:05
Ahmad UCGAhmad UCG
557
add a comment |
How safe is it to use OkHttp3 for your REST API?
For example, if my website has some login/signup process, and my app sends requests with OkHttp3 client. How much can I trust that someone can't take his phone, plug it into Android Studio and look into the logs and find the links for all the requests I'm calling?
There's also the matter of decompiling the app, and easily accessing the base Uri I'm using in my app.
I'm not sure how OkHttp works, so can someone tell me about the security used in the client and how much I can trust it?
android networking okhttp3 asked Dec 24 '18 at 7:05
Ahmad UCGAhmad UCG
557
add a comment |
How safe is it to use OkHttp3 for your REST API?
For example, if my website has some login/signup process, and my app sends requests with OkHttp3 client. How much can I trust that someone can't take his phone, plug it into Android Studio and look into the logs and find the links for all the requests I'm calling?
There's also the matter of decompiling the app, and easily accessing the base Uri I'm using in my app.
I'm not sure how OkHttp works, so can someone tell me about the security used in the client and how much I can trust it?
android networking okhttp3 asked Dec 24 '18 at 7:05
Ahmad UCGAhmad UCG
557
How safe is it to use OkHttp3 for your REST API?
For example, if my website has some login/signup process, and my app sends requests with OkHttp3 client. How much can I trust that someone can't take his phone, plug it into Android Studio and look into the logs and find the links for all the requests I'm calling?
There's also the matter of decompiling the app, and easily accessing the base Uri I'm using in my app.
I'm not sure how OkHttp works, so can someone tell me about the security used in the client and how much I can trust it?
android networking okhttp3 android networking okhttp3 asked Dec 24 '18 at 7:05
Ahmad UCGAhmad UCG
557
asked Dec 24 '18 at 7:05
Ahmad UCGAhmad UCG
557
asked Dec 24 '18 at 7:05
Ahmad UCGAhmad UCG
557
asked Dec 24 '18 at 7:05
Ahmad UCGAhmad UCG
557
asked Dec 24 '18 at 7:05
Ahmad UCGAhmad UCG
557
557
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
If a link is on the internet, then it's public. There is no point trying to hide that fact.
You need to focus on the securing the endpoint(s) the app is talking to for confidentiality, integrity and availability
You need to read up on Web security. Take a look at the OWASP Top 10 and related guides.
answered Jan 3 at 9:53
MichaelHMichaelH
1
add a comment |
Why are you worried about your URL address? Whenever you expose an API on the internet anyone can find your API URL address. There are easier ways than reading logs of your app.
What is your exact worry? What do you need to keep secure? What is important for you?
answered Jan 3 at 10:07
Ehsan MashhadiEhsan Mashhadi
783619
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53910258%2fhow-safe-is-it-to-use-okhttp%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
If a link is on the internet, then it's public. There is no point trying to hide that fact.
You need to focus on the securing the endpoint(s) the app is talking to for confidentiality, integrity and availability
You need to read up on Web security. Take a look at the OWASP Top 10 and related guides.
answered Jan 3 at 9:53
MichaelHMichaelH
1
add a comment |
If a link is on the internet, then it's public. There is no point trying to hide that fact.
You need to focus on the securing the endpoint(s) the app is talking to for confidentiality, integrity and availability
You need to read up on Web security. Take a look at the OWASP Top 10 and related guides.
answered Jan 3 at 9:53
MichaelHMichaelH
1
add a comment |
If a link is on the internet, then it's public. There is no point trying to hide that fact.
You need to focus on the securing the endpoint(s) the app is talking to for confidentiality, integrity and availability
You need to read up on Web security. Take a look at the OWASP Top 10 and related guides.
answered Jan 3 at 9:53
MichaelHMichaelH
1
If a link is on the internet, then it's public. There is no point trying to hide that fact.
You need to focus on the securing the endpoint(s) the app is talking to for confidentiality, integrity and availability
You need to read up on Web security. Take a look at the OWASP Top 10 and related guides.
answered Jan 3 at 9:53
MichaelHMichaelH
1
answered Jan 3 at 9:53
MichaelHMichaelH
1
answered Jan 3 at 9:53
MichaelHMichaelH
1
answered Jan 3 at 9:53
MichaelHMichaelH
1
1
add a comment |
add a comment |
Why are you worried about your URL address? Whenever you expose an API on the internet anyone can find your API URL address. There are easier ways than reading logs of your app.
What is your exact worry? What do you need to keep secure? What is important for you?
answered Jan 3 at 10:07
Ehsan MashhadiEhsan Mashhadi
783619
add a comment |
Why are you worried about your URL address? Whenever you expose an API on the internet anyone can find your API URL address. There are easier ways than reading logs of your app.
What is your exact worry? What do you need to keep secure? What is important for you?
answered Jan 3 at 10:07
Ehsan MashhadiEhsan Mashhadi
783619
add a comment |
Why are you worried about your URL address? Whenever you expose an API on the internet anyone can find your API URL address. There are easier ways than reading logs of your app.
What is your exact worry? What do you need to keep secure? What is important for you?
answered Jan 3 at 10:07
Ehsan MashhadiEhsan Mashhadi
783619
Why are you worried about your URL address? Whenever you expose an API on the internet anyone can find your API URL address. There are easier ways than reading logs of your app.
What is your exact worry? What do you need to keep secure? What is important for you?
answered Jan 3 at 10:07
Ehsan MashhadiEhsan Mashhadi
783619
answered Jan 3 at 10:07
Ehsan MashhadiEhsan Mashhadi
783619
answered Jan 3 at 10:07
Ehsan MashhadiEhsan Mashhadi
783619
answered Jan 3 at 10:07
Ehsan MashhadiEhsan Mashhadi
783619
783619
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53910258%2fhow-safe-is-it-to-use-okhttp%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
