Which one is better to store user data when it comes to security?

S.V_Arul_Shiju · April 21, 2023, 9:09pm

which one like firebase, tinydb, tinywebdb etc. is better to store user data like gmail, phone no. etc. when it comes to user-data security. I think using google sheet will be more secure for person like me who know less techniqal knowledge. Guide me please.

TIMAI2 · April 21, 2023, 9:23pm

With reservations, tinydb, because the data stays on the device.

Any online system is only as secure as the weakest link, which is when you are transferring the data!

You can improve on this by encrypting the data before transfer (and if it is important to you, do the same if storing data on the tinydb)

S.V_Arul_Shiju · April 22, 2023, 5:27am

okay, il check. Thankyou.

S.V_Arul_Shiju · April 22, 2023, 8:28am

can i access the user information like email id or phone number of 'app users' as a developer of the app?

TIMAI2 · April 22, 2023, 9:54am

This all depends on what you do and how you do it.

S.V_Arul_Shiju · April 22, 2023, 10:18am

I guess that you are saying that it is possible to handle user data using tinydb. But, i need precise knowledge for that. Can you share some youtube videos or links related to it. Thankyou.

TIMAI2 · April 22, 2023, 10:21am

http://ai2.appinventor.mit.edu/reference/components/storage.html#TinyDB

S.V_Arul_Shiju · April 22, 2023, 10:28am

After reading the doc from above link with my limited English skill, I assumed that it is impossible fo the developers to get user data from their phones, so we can make a call or send email to them. Am I right? Add bit more clarity. Thanks.

TIMAI2 · April 22, 2023, 10:31am

As indicated, tinydb data is stored on the user's device only. It seems you need an online data storage solution. If used properly with authentication and rules in place, firebase realtime database is a good option.Here a link to using Firebase with AI2 and its REST api. You can also use Google Sheets (spreadsheet component or google apps scripts) but you would need to hash passwords and other sensitive information.

S.V_Arul_Shiju · April 22, 2023, 3:38pm

how can I hash password or any user data?

TIMAI2 · April 22, 2023, 3:51pm

You can use javascript locally on your app:

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <title>SHA256</title>
  </head>
  <body>
    <script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/core.min.js"></script>
    <script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/sha256.js"></script>
    <script>
	  let digest;
	  if( window.AppInventor ){
		digest = window.AppInventor.getWebViewString();
		} 
      let algo = CryptoJS.algo.SHA256.create()
      algo.update(digest, "utf-8")
      hash = algo.finalize().toString(CryptoJS.enc.hex)
       if( window.AppInventor ){
		window.AppInventor.setWebViewString(hash);
		}
    </script>
  </body>
</html>

This is without using a SALT, and will need a network connection to fetch the two js libraries

or there are extensions that contain blocks which will hash a string for you.

S.V_Arul_Shiju · April 25, 2023, 11:47am

Can I place this code in mit app? (within block?)

TIMAI2 · April 25, 2023, 1:01pm

Sort of....

You need to upload the html file to your media folder assets.

You can then open this in a webviewer when needed and set the webviewstring to your "password".

Use the when WebViewStringChanged event to return the hash to the app.