0

I'm creating an Android app which requires login, and the authentication will be done against a Node server.

HttpURLConnection is used with POST and I'm using HTTPS. But my question is, since the username and password are sent to the server as URL parameters, do I need to add more security measures, like encrypting those two parameters (using Base64)?

I've tried to use Authenticator.setDefault(new Authenticator(){}) but I'm not sure implementing only that would be enough.

KTB

2 Answers

0

The URL parameters are encrypted, thus protected in transit, but are probably logged by the system, so the username and password will probably be in the log files. It is best to send them in the POST data, not as part of the URL.

zaph
-1

What you can try is encrypting the data and then sending it to the server, and on the server side the data should be decrypted. In this way the security of your app will be maintained.

See this

Community
  • Since the connection is using HTTPS the data in transit is already encrypted. – zaph Jul 21 '16 at 14:48
  • That is, transport layer is enough? No need to worry about the application layer encryption? – KTB Jul 21 '16 at 16:13
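
The approach from the first answer (credentials in the POST body over HTTPS, never in the URL), as an added example that is not code from any of the posts above. The endpoint URL and the form field names `username` and `password` are hypothetical, and the Node server is assumed to parse a form-encoded body.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

public final class LoginClient {
    // Hypothetical endpoint, for illustration only. Note: no query string.
    private static final String LOGIN_URL = "https://api.example.com/login";

    /** Sends the credentials in the request body and returns the HTTP status code. */
    public static int login(String username, String password) throws IOException {
        URL url = new URL(LOGIN_URL);
        // Refuse to send credentials over anything but TLS.
        if (!"https".equalsIgnoreCase(url.getProtocol())) {
            throw new IOException("Refusing to send credentials over " + url.getProtocol());
        }
        // Form-encode the credentials into the body, so they never appear in
        // the request line that servers and proxies write to access logs.
        byte[] body = ("username=" + URLEncoder.encode(username, "UTF-8")
                + "&password=" + URLEncoder.encode(password, "UTF-8"))
                .getBytes(StandardCharsets.UTF_8);

        HttpURLConnection conn = (HttpURLConnection) url.openConnection();
        try {
            conn.setRequestMethod("POST");
            conn.setDoOutput(true);                  // this request carries a body
            conn.setInstanceFollowRedirects(false);  // a redirect is reported, not followed
            conn.setConnectTimeout(10_000);
            conn.setReadTimeout(10_000);
            conn.setRequestProperty("Content-Type",
                    "application/x-www-form-urlencoded; charset=UTF-8");
            conn.setFixedLengthStreamingMode(body.length);
            try (OutputStream out = conn.getOutputStream()) {
                out.write(body);
            }
            return conn.getResponseCode();
        } finally {
            conn.disconnect();
        }
    }
}
```

On Android this must be called off the main thread, since network I/O on the UI thread is rejected by the platform.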