
I need to make an Android Application that has a connection to a remote php server to fetch and save data.

This app needs to work offline and have a login system based on the same data that the server has.

Should I have the same passwords on the Server and on the Smartphone? Or should I have 2 different system logins (one password for the app and other for the server login)?

1 Answer

Users would be confused by two logins. It will never work. The important thing is: never save passwords locally. Save the hash of their password instead, and compare the hashes. Otherwise anyone who gains access to their phone can get their password.

Also, if you allow them to change the password on the server you'll need some mechanism to push that change back to the phone.


5 Comments

And should I have the hashes on both Server and App? Yes, the app will have a sync system to push the new data (including passwords) when it is online.

And there's no security problem if I have these hashes shared on more than one Smartphone?

No security problem, so long as you use a sufficiently strong hashing algorithm. Use a cryptographic library, don't write it yourself. It's not uncrackable, but if you use one strong enough that it would take a few years to crack, you'll be fine.

So SHA-1 is fine? Also, should I suggest on the App to change the password periodically?

Changing the password every so often is always a good idea. I believe that it's suggested to use SHA-2 now, that SHA-1 is no longer considered sufficient.
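The scheme the answer and comments describe (the server keeps a password hash, the phone syncs that hash and verifies logins offline against it, and a server-side password change has to reach the phone) as an added worked example; this is not code from the question, the answer, or any project, and the Android and PHP sides are modelled here in Python so the logic can be run in one place. It goes a little beyond the comments' "use SHA-2": it uses PBKDF2-HMAC-SHA256 (a SHA-2 construction with a per-user salt and a high iteration count), because a plain unsalted SHA-1 or SHA-256 digest of a password can be guessed very quickly by anyone who copies the phone's storage. The record format, the `version` field used to detect a stale copy on the phone, and the iteration count are assumptions of this example. The same derivation is available on Android as `PBKDF2WithHmacSHA256` in `javax.crypto` and in PHP as `hash_pbkdf2()`, so server and app can produce identical digests from identical salt and iteration values.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Iterable

# Assumed parameters for this example. PBKDF2-HMAC-SHA256 is in the SHA-2
# family; the iteration count is what slows down offline guessing against a
# record copied off a lost phone.
ITERATIONS = 600_000
SALT_BYTES = 16


@dataclass(frozen=True)
class PasswordRecord:
    """What the server stores and what the phone syncs. The password itself never appears."""
    username: str
    salt: bytes
    iterations: int
    digest: bytes
    version: int  # bumped by the server on every password change (assumed field)


def derive(password: str, salt: bytes, iterations: int) -> bytes:
    """One derivation shared by server (PHP hash_pbkdf2) and app (javax.crypto PBKDF2WithHmacSHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def create_record(username: str, password: str, version: int = 1) -> PasswordRecord:
    """Server side: set or change a password. A fresh random salt is drawn every time."""
    salt = os.urandom(SALT_BYTES)
    return PasswordRecord(username, salt, ITERATIONS, derive(password, salt, ITERATIONS), version)


def verify(record: PasswordRecord, attempt: str) -> bool:
    """Offline check: recompute with the synced salt and compare in constant time."""
    return hmac.compare_digest(derive(attempt, record.salt, record.iterations), record.digest)


class PhoneStore:
    """Local cache of password records on one handset (any number of handsets may hold copies)."""

    def __init__(self) -> None:
        self._records: Dict[str, PasswordRecord] = {}

    def sync(self, server_records: Iterable[PasswordRecord]) -> int:
        """Pull records from the server when online; returns how many were new or updated."""
        changed = 0
        for rec in server_records:
            local = self._records.get(rec.username)
            if local is None or local.version < rec.version:
                self._records[rec.username] = rec
                changed += 1
        return changed

    def login(self, username: str, attempt: str) -> bool:
        """Offline login: unknown user and wrong password both fail the same way."""
        rec = self._records.get(username)
        return rec is not None and verify(rec, attempt)

    def is_stale(self, username: str, server_version: int) -> bool:
        """Lets the app notice, on its next connection, that the server-side password changed."""
        rec = self._records.get(username)
        return rec is None or rec.version < server_version


if __name__ == "__main__":
    # Constructed sample run: server creates the account, phone syncs, user logs in offline.
    server_db = {"alice": create_record("alice", "correct horse battery")}
    phone = PhoneStore()
    phone.sync(server_db.values())
    print("offline login:", phone.login("alice", "correct horse battery"))  # True
    # Password changed on the server; the phone keeps accepting the old one until it re-syncs.
    server_db["alice"] = create_record("alice", "new password", version=2)
    print("stale copy:", phone.is_stale("alice", server_db["alice"].version))  # True
    phone.sync(server_db.values())
    print("old password after sync:", phone.login("alice", "correct horse battery"))  # False
```

The `version` field is what the answer's last paragraph is asking for: the server increments it on every change, and the app compares it on the next sync instead of trying to diff digests. A copy of the record on several phones does not weaken the scheme, since each copy contains only the salted PBKDF2 output, but each phone should still wipe its cache on logout or account removal.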
