Securing Personal TinyWebDB

After creating a TinyWebDB service of your own, comes the need for securing it. :lock: The first thing to do, is to change the index.html to basically a blank page, or a page linking to your app. The advanced problem, however, is that even though a person looking at your DataBase web service won’t be able to read/write stuff, they can indeed copy the URL into a TinyWebDB component in their own app, and then wreak havoc on your service.

The ways to save yourself (mostly) are:

  1. Don’t share the URL. That’s the easiest thing to do, and your first line of defence.

  2. Don’t set ServiceURL in Designer, set it in blocks - not a normal text block, but an obfuscated text block. Another layer of security from anyone tearing up the APK.

  3. For all your tags, use a specific naming system with a keyphrase at the start. To store login detail, for example, you could do “sysadmin/passphrase/username” as tag, where passphrase and username are upto you of course. In the app, while joining strings for assembling the tag, again, put passphrase in an obfuscated text block. This should prevent others from reading your data even if they dismantle the APK.

Don’t hesitate to share your own ways, as this is by no means an exhaustive list. :smile:

11 Likes