Is there any advice on good practice for security in Livecode standalone applications?
My immediate concern is providing a level of protection to an app I'm developing for Android. I'd like to appropriately minimize the risk of naughty people:
- being able to view external database credentials that I've hard coded; and
- being able to reverse engineer my app
I've already discovered:
- Standalone Application Settings > Stacks > Encrypt with password
- http://forums.livecode.com/viewtopic.ph ... ty#p105923
How easy is it for someone to reverse engineer (so that they can view the source code) an APK generated by Livecode?
Thanks in advance
Good practice for security in Livecode
Re: Good practice for security in Livecode
If you want good security, use some sort of "middleware" script. Hard coding your database credentials into an app that will be widely distributed is not secure. See this thread, which IIRC contains both a PHP and LiveCode server example.
http://forums.livecode.com/viewtopic.ph ... middleware
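The middleware approach recommended in the reply above, as an added example that is not part of the original thread: a PHP endpoint that keeps the database credentials in server-side environment variables and accepts only allow-listed operations from the app. The environment variable names, the `sessions` and `scores` tables, the `X-Session-Token` header and the MySQL dialect are assumptions made for illustration.

```php
<?php
// Added example (not from the thread). Hypothetical names: DB_DSN / DB_USER / DB_PASS
// environment variables, "sessions" and "scores" tables, X-Session-Token header.
header('Content-Type: application/json');

function fail(int $status, string $message): void {
    http_response_code($status);
    echo json_encode(['error' => $message]);
    exit;
}
// Never echo driver errors (they can reveal the DSN or schema) back to the client.
set_exception_handler(function (Throwable $e) { fail(500, 'server error'); });

// Credentials live only on the server; nothing in the APK can disclose them.
$pdo = new PDO((string) getenv('DB_DSN'), (string) getenv('DB_USER'), (string) getenv('DB_PASS'),
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]);

// Authenticate with a per-user token issued at login, not a constant shipped in
// the app (a shared secret in the APK is as extractable as a database password).
// Only the SHA-256 of each token is stored server-side.
$token = $_SERVER['HTTP_X_SESSION_TOKEN'] ?? '';
$stmt = $pdo->prepare('SELECT user_id FROM sessions WHERE token_hash = ? AND expires_at > NOW()');
$stmt->execute([hash('sha256', $token)]);
$userId = $stmt->fetchColumn();
if ($token === '' || $userId === false) fail(401, 'unauthorized');

// Allow-list: the app names an operation; it never sends SQL. Each entry is
// [statement, required client-supplied parameters]. :uid always comes from the session.
$ops = [
    'get_scores' => ['SELECT name, score FROM scores WHERE user_id = :uid ORDER BY score DESC LIMIT 20', []],
    'add_score'  => ['INSERT INTO scores (user_id, name, score) VALUES (:uid, :name, :score)', ['name', 'score']],
];
$req = json_decode((string) file_get_contents('php://input'), true);
$op = is_array($req) ? ($req['op'] ?? '') : '';
if (!is_string($op) || !isset($ops[$op])) fail(400, 'unknown operation');
[$sql, $fields] = $ops[$op];

$bind = [':uid' => $userId];
foreach ($fields as $f) {
    $v = $req['params'][$f] ?? null;
    if (!is_scalar($v)) fail(400, "missing parameter: $f");
    $bind[":$f"] = $v; // bound as data via a prepared statement, never concatenated
}
$stmt = $pdo->prepare($sql);
$stmt->execute($bind);
echo json_encode(['rows' => $stmt->columnCount() > 0 ? $stmt->fetchAll(PDO::FETCH_ASSOC) : []]);
```

The app would POST a JSON body such as `{"op": "add_score", "params": {"name": "kim", "score": 42}}` over HTTPS, and the database account behind `DB_USER` should itself hold only the privileges these statements need.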
Re: Good practice for security in Livecode
Thanks. I'd already experimented with PHP middleware, and got it working with Livecode, so that is a relatively easy option for me to follow.
Do you have any info on the 2nd part to my query; how easy is it for people to reverse-engineer an apk file to see the Livecode source?
Regards
Re: Good practice for security in Livecode
KimD wrote: Do you have any info on the 2nd part to my query; how easy is it for people to reverse-engineer an apk file to see the Livecode source?
The bad news is that ultimately all software algorithms can be learned through core dumps and disassembly, with any app on any OS made in any language.
The good news is that few bother. It's a lot of work, and who enjoys working with Assembler?

If you password-protect your stacks, that encryption during binding in conjunction with the compilation to the APK format itself will be about as good as any other code protection you'll find in other languages.
Richard Gaskin
LiveCode development, training, and consulting services: Fourth World Systems
LiveCode Group on Facebook
LiveCode Group on LinkedIn
Re: Good practice for security in Livecode
Thanks - good to know.