Cordova Slack Digest

Thu, 28 Oct 2021 08:21:11 GMT

User count: 4664

Join the conversation at slack.cordova.io

Channel #general (14 messages)


Wed, 27 Oct 2021 17:37:34 GMT

@marek.kozela says

Hi everyone, has someone experience with cordova electron project together with sqlcipher database? My package.json includes: "@journeyapps/sqlcipher": "^5.0.0", "cordova-electron": "^3.0.0", "electron-rebuild": "^2.0.0" but I am getting the following error: Cannot find module '/Documents/app/platforms/electron/build/mac/Application.app/Contents/Resources/app.asar/node_modules/@journeyapps/sqlcipher/lib/binding/napi-v3-darwin-x64/node_sqlite3.node

Wed, 27 Oct 2021 23:11:14 GMT

@tomkinson says

Where do you all store your JWT’s? We use SQLite but wondering if Native or local is better. https://mannharleen.github.io/2020-03-19-handling-jwt-securely-part-1/ This recommends using cookies, which is reportedly a very bad idea on cordova. The sqlite plugin is based on websql, which has a security policy of limiting access on a per-domain basis. That is ideal but my concern is how other cordova apps are covered, particularly if they use the same scheme as ours. That’s what I'm trying to get more info about.

Wed, 27 Oct 2021 23:20:06 GMT

@norman137 says

Personally I'd avoid browser-based storage (including indexeddb, local storage, etc)

Wed, 27 Oct 2021 23:21:59 GMT

@norman137 says

Use native-based app private storage. In my apps I just have a json file -- which if missing I assume there is no user (e.g. display login screen), and if it exists, I then read and confirm that the token is still valid... then proceed to login screen or main screen.

Depending on your requirements, you may want to use a cordova plugin that interfaces with native's secure storage

Wed, 27 Oct 2021 23:44:46 GMT

@tomkinson says

Ok ya lot of conflicting articles and advice. We have it in SQLite ATM after moving it from Native but maybe native is the place. Trying to get a best practice consensus here.

Wed, 27 Oct 2021 23:51:28 GMT

@tomkinson says

So if I use myapp://secure for instance, and another dev who wants to hack my app uses the same pattern for his malicious app, will his app get access to my app’s databases if both are installed on a user’s device?

Wed, 27 Oct 2021 23:52:13 GMT

@dpogue says

no, the data is separated per app

Wed, 27 Oct 2021 23:52:52 GMT

@dpogue says

This is also why things like cookies aren't shared with Safari

Wed, 27 Oct 2021 23:53:50 GMT

@tomkinson says

Ok thanks Doug.

Wed, 27 Oct 2021 23:54:19 GMT

@tomkinson says

I recall the secure plugin being unmaintained and older than the native storage plugin when we made the decision. Which is the plugin you are referring to, Norman, that you are using?

Wed, 27 Oct 2021 23:55:20 GMT

@tomkinson says

https://github.com/mibrito707/cordova-plugin-secure-storage-echo ?

Thu, 28 Oct 2021 00:59:31 GMT

@norman137 says

Wasn't referencing any particular plugin

Thu, 28 Oct 2021 06:53:56 GMT

@cristi9627 says

Hello, can I run cordova build commands in background?

Thu, 28 Oct 2021 06:54:38 GMT

@cristi9627 says

I’m trying to write a bash script and I’d like to save time running cordova build android and cordova build android --release in background. Is this possible?

Channel #cordova-ios (1 messages)


Wed, 27 Oct 2021 13:06:38 GMT

@nataliagtrd says

Hello all, our cordova-ios app has problems with applicationCache after updating to iOS 15.1 (i.e. it doesn't fire any event), afaik migrating to service workers is not yet possible with WKWebView. Has anyone experienced the same issue?

Channel #cordova-android (4 messages)


Wed, 27 Oct 2021 18:23:02 GMT

@dpogue says

https://android-developers.googleblog.com/2021/10/12L-preview-large-screens.html

Wed, 27 Oct 2021 23:24:29 GMT

@ucheozoemena says

Hi folks, is anyone here familiar with how this sqlite plugin (https://github.com/storesafe/cordova-sqlite-storage/) enforces access to database across different apps? WebSQL has a same-origin security model that normally prevents a webpage from accessing another webpage’s websql databases. So I’m curious to know how this is enforced in the cordova context given that app developers can set the webview to use a custom scheme and hostname. So if I use myapp://secure for instance, and another dev who wants to hack my app uses the same pattern for his malicious app, will his app get access to my app’s databases if both are installed on a user’s device?

This is part of a larger consideration of the type of sensitive info that can be saved in sqlite using that plugin.

Thanks!

Thu, 28 Oct 2021 00:15:58 GMT

@jcesarmobile says

The readme is too large, where does it say it shares the data with multiple apps?

Thu, 28 Oct 2021 00:16:41 GMT

@jcesarmobile says

Websql is unique to your app, doesn’t matter if another app uses same scheme and hostname

Channel #cordova-electron (1 messages)


Wed, 27 Oct 2021 15:27:20 GMT

@marek.kozela says

Hi everyone, has someone experience with cordova electron project together with sqlcipher database? My package.json includes: "@journeyapps/sqlcipher": "^5.0.0", "cordova-electron": "^3.0.0", "electron-rebuild": "^2.0.0" but I am getting the following error: Cannot find module '/Documents/app/platforms/electron/build/mac/Application.app/Contents/Resources/app.asar/node_modules/@journeyapps/sqlcipher/lib/binding/napi-v3-darwin-x64/node_sqlite3.node