Hiding Secret Keys in Your Flutter App: Comprehensive Guide and Best Practices

Рет қаралды 3,997

Күн бұрын

Пікірлер: 20

@ozayed5580 Жыл бұрын

You forgot to mention that we have to add .env to .yaml file as Assets, which is mentioned in the official documentation. but thanks for the video

@Snehasis4321 Жыл бұрын

Yes, you are right, just skipped that part while editing.

@realistic3 7 күн бұрын

Thanks

@christianmarpert3844 Жыл бұрын

Hi, thks for your video! didnt know about that package so far. was just wondering, if that .env file will be shipped to the client, so it could be exploited via reverse engineering?

@Snehasis4321 Жыл бұрын

It is hard but it is still possible to get the key,values using reverse engineering . We can use encryption and decryption techniques on the .env values to make them more secure and difficult to hack.

@dazlingwiz 11 ай бұрын

Great video. Is it necessary to print in the init state?

@Snehasis4321 11 ай бұрын

No not required , just use for testing.

@dazlingwiz 11 ай бұрын

thought so.. thanks for the video@@Snehasis4321

@mohammedsolyman3891 10 ай бұрын

thank you very much

@juanamayaduarte8975 11 ай бұрын

But, it's still plain text storage. How could you deal with reverse engineering attacks?

@Snehasis4321 11 ай бұрын

you can use encryption and decryption techniques to hide the keys. if hacker get the .env file will be difficult to find the exact keys.

@somnathdas8922 Жыл бұрын

Hi Snehasis are you from kolkata? Can you make a tutorial of voice room, live stream with webrtc. If you will do than It will be really helpful for us.

@Snehasis4321 Жыл бұрын

Ok i will do it.

@somnathdas8922 Жыл бұрын

@@Snehasis4321 Snehasis, I know Flutter, React, and React Native but I don't know about Appwrite after going through your tutorial I realised It's the same as Firebase. And you explained everything perfectly.

@Snehasis4321 Жыл бұрын

@@somnathdas8922 yes it is the same , you can also say an alternative of firebase.

@chrislamont7529 2 ай бұрын

Sorry but this is not hiding anything from anyone.

@Snehasis4321 2 ай бұрын

What problem are you facing?

@Glitcheverywhere Ай бұрын

@@Snehasis4321Did you do any research about this package before making this video? The env file located on assets comes with your built in apk which is easily accessible from app like apkeditor on.

@Glitcheverywhere 24 күн бұрын

@@Snehasis4321 Do a proper resarch before creating content. The dotenv is not secure to store secrect keys. When you build apk The ".env" file come with android apk assets. So anyone can access or see the secret keys from the .env file with app like "ApkEditor"