Thu, 28 Oct 2021 08:21:11 GMT
Join the conversation at slack.cordova.io
Wed, 27 Oct 2021 17:37:34 GMT
@marek.kozela says
Hi everyone, has someone experience with cordova electron project together with sqlcipher database? My package.json includes:
"@journeyapps/sqlcipher": "^5.0.0",
"cordova-electron": "^3.0.0",
"electron-rebuild": "^2.0.0"
but I am getting the following error: Cannot find module ’/Documents/app/platforms/electron/build/mac/Application.app/Contents/Resources/app.asar/node_modules/@journeyapps/sqlcipher/lib/binding/napi-v3-darwin-x64/node_sqlite3.node
Wed, 27 Oct 2021 23:11:14 GMT
@tomkinson says
Where do you all store your JWT‘s? We use SQLite but wondering if Native or local is better. https://mannharleen.github.io/2020-03-19-handling-jwt-securely-part-1/|https://mannharleen.github.io/2020-03-19-handling-jwt-securely-part-1/ This recommends using cookies, which is reportedly a very bad idea on cordova. The sqlite plugin is based on websql, which has a security policy of limiting access on a per-domain basis. That is ideal but my concern is how other cordova apps are covered, particularly if they use the scheme as ours. That’s what I'm trying to get more info about.
Wed, 27 Oct 2021 23:20:06 GMT
@norman137 says
Personally I'd avoid browser-based storage (including indexeddb, local storage, etc)
Wed, 27 Oct 2021 23:21:59 GMT
@norman137 says
Use native based app private storage. In my apps just have a json file -- which if missing I assume there is no user (e.g. display login screen), and if it exists, I then read and confirm that the token is still valid... then proceed to login screen or main screen.
Depending on your requirements, you may want to use a cordova plugin that interfaces with native's secure storage
Wed, 27 Oct 2021 23:44:46 GMT
@tomkinson says
Ok ya lot of conflicting articles and advice. We have it in SQLite ATM after moving it from Native but maybe native is the place. Trying to get a best practice consensus here.
Wed, 27 Oct 2021 23:51:28 GMT
@tomkinson says
So if I use
<myapp://secure|myapp://secure>
for instance, and another dev who wants to hack my app uses the same pattern for his malicious app, will his app get access to my app‘s databases if both are installed on a user’s device?
Wed, 27 Oct 2021 23:52:13 GMT
@dpogue says
no, the data is separated per app
Wed, 27 Oct 2021 23:52:52 GMT
@dpogue says
This is also why things like cookies aren't shared with Safari
Wed, 27 Oct 2021 23:53:50 GMT
@tomkinson says
Ok thanks Doug.
Wed, 27 Oct 2021 23:54:19 GMT
@tomkinson says
I recall the secure plugin being unmaintained and older than the native storage plugin when we made the decision. Which is the plugin you referring too Norman that you are using?
Wed, 27 Oct 2021 23:55:20 GMT
@tomkinson says
Thu, 28 Oct 2021 00:59:31 GMT
@norman137 says
Wasn't referencing any particular plugin
Thu, 28 Oct 2021 06:53:56 GMT
@cristi9627 says
Hello, can I run cordova build commands in background?
Thu, 28 Oct 2021 06:54:38 GMT
@cristi9627 says
I‘m trying to write a bash script and I’d like to save time running cordova build android and cordova build android --release in background. Is this possible?
Wed, 27 Oct 2021 13:06:38 GMT
@nataliagtrd says
Hello all, our cordova-ios app has problems with applicationCache after updating to iOS 15.1 (i.e. it doesn't fire any event), afaik migrating to service workers is not yet possible with WKWebView. Has anyone experienced the same issue?
Wed, 27 Oct 2021 18:23:02 GMT
@dpogue says
https://android-developers.googleblog.com/2021/10/12L-preview-large-screens.html
Wed, 27 Oct 2021 23:24:29 GMT
@ucheozoemena says
Hi folks, is anyone here familiar with how <https://github.com/storesafe/cordova-sqlite-storage/|this sqlite plugin> enforces access to database across different apps? WebSQL has a same-origin security model that normally prevents a webpage from accessing another webpage‘s websql databases. So I’m curious to know how this is enforced in the cordova context given that app developers can set the webview to use a custom scheme and hostname. So if I use
<myapp://secure>
for instance, and another dev who wants to hack my app uses the same pattern for his malicious app, will his app get access to my app‘s databases if both are installed on a user’s device?This is part of a larger consideration of the type of sensitive info that can be saved in sqlite using that plugin.
Thanks!
Thu, 28 Oct 2021 00:15:58 GMT
@jcesarmobile says
The readme is too large, where does it says it shares the data with multiple apps?
Thu, 28 Oct 2021 00:16:41 GMT
@jcesarmobile says
Websql is unique to your app, doesn’t matter if another app uses same scheme and hostname
Wed, 27 Oct 2021 15:27:20 GMT
@marek.kozela says
Hi everyone, has someone experience with cordova electron project together with sqlcipher database? My package.json includes:
"@journeyapps/sqlcipher": "^5.0.0",
"cordova-electron": "^3.0.0",
"electron-rebuild": "^2.0.0"
but I am getting the following error: Cannot find module ’/Documents/app/platforms/electron/build/mac/Application.app/Contents/Resources/app.asar/node_modules/@journeyapps/sqlcipher/lib/binding/napi-v3-darwin-x64/node_sqlite3.node