₦airaland Forum

Welcome, Guest: RegisterLoginWith GoogleTrendingRecentNew

Stats: 3,330,820 members, 8,447,231 topics. Date: Friday, 17 July 2026 at 09:59 PM

Toggle theme

FincoApps's Posts

Nairaland ForumFincoApps's ProfileFincoApps's Posts

1 2 3 4 5 6 7 8 9 10 11 12 13 (of 31 pages)

WebmastersRe: Pls Help Me With Building Spc4 Mobile App by FincoApps(m): 12:09am On Sep 29, 2016
Can you give more details on the issue you are having

What says error connecting to server ?
ProgrammingRe: Lessons In How Not To Implement Application Security by FincoApps(m): 11:18pm On Sep 28, 2016
lekropasky:
YEAH, thanks bro. Yes, using post request can prevent the request from being made from a browser, but do you know there are apps that works on rooted phones, these apps can sniff all the network request going in-and-out of the particular phone, and a post request can be abuse by using/creating an html form that it action points to your url --<form action ='http://www.example.com/rest/login.php' method = 'POST'>....this form can contain maybe two hidden fields with the username and password as the name, values being the crazy guess they have made. What i am trying to let you understand is that, there is a way to know if a request is being manipulated i.e its not made/comes from your app and thats what am tryna figure out...i hope i make a little sense
I do understand what you are saying....

If you do something similar to man in the Middle attack, you can redirect all requests going from your Phone to your computer and use a tool like Fiddler to analyse, understand or replay these requests....

No App I've touched has been able to survive this method... If the company cares about what you did, their Lawyers would write to you

If there's a way, then it has not been implemented yet, but if you do find a way, please let me know so I can test it too cheesy
ProgrammingRe: Lessons In How Not To Implement Application Security by FincoApps(m): 10:19pm On Sep 28, 2016
lekropasky:
Good Job is really going on here. I have some questions Boss. As a mobile app developer -Android, i am a noob when it comes to security, and it bother me alot. i have a software that communicate with a rest service, and i dont want some hackers to abuse my Rest Api, lets say i have a php file that handles user login with an address like --http://www.example.com/rest/login.php?user=username&pass=password, someone can just reverse engineer my app, copy the url, paste it inside a browser and maybe grab the raw json that was meant to return to the client. How do i prevent this please? Sends token to server on every http request? How do i verify the token on the backend...i have a lot of questions....THANKS.
First of all, using POST request would be better and at least remove the pasting to browser option

Secondly, this issue you just posted is actually not possible to prevent because any determined hacker would be able to reverse Engineer it.... Even Fb, WhatsApp, Twitter, Instagram, Snapchat all cannot stop it... that's why You see apps like Inst10, Snap10, FaceBox... etc all available on BlackBerry

But some ways to make it difficult:

Doing some validations on the server to check the device the request is coming from

Doing some form of Key exchange For example, when a client opens the app, it securely get's an encrypted key and that key is sent with each other request made to the server - (Just a mild sample)

Encrypting the request itself so for example you have
var postData = {};
postData["userid"] = "daddy";
postData["password"] = "finco";
postData["key"] = key;

var request = someEncryptionFunction(postData);

Then send the request variable as your request... the server would then decrypt using a common key

There are more sophisticated ways but trust me, they can all be reverse engineered and to me it's not hard to reverse engineer the communication of Applications with their server
ProgrammingRe: The Greatest Programmer On Nairaland by FincoApps(m): 9:25pm On Sep 28, 2016
DanielTheGeek:
I don't get what you say at times due to the way you type, but for the second question, tech sites get lots of traffic, but those targeted at developers don't get much visitors compared to general purpose websites because we have less developers and all these developers already have their preferred websites, so you coming with yours means you have to offer something their preferred site (e.g stack overflow) does not already have in order to dominate. Technical non-group specific websites like Stack Exchange, Gdevit (lol), Tech Cabal, Site Point tend to have more traffic than sites like onhax.net, cplusplus.com, php-forum.com e.t.c.
Yea I agree, most tech websites I see... even including the ones targeted to developers always get traffic....

I wrote a post on how t create a simple game with Processing and my Traffic increased because of that post
ProgrammingRe: The Greatest Programmer On Nairaland by FincoApps(m): 1:02pm On Sep 28, 2016
DanielTheGeek:
Because empty is a function..
PHP actually has funny in-built functions like die( ), sleep( ), exit() lol
Lol die is the weirdest.... the rest kinda seems normal
ProgrammingRe: Native JAVA Android Developers - Let Us Discuss Techie Stuffs by FincoApps(m): 8:14am On Sep 28, 2016
dhtml18:
You guys have started e-fight on my thread again. . . . . .you are all hereby charged for TROLLING on my thread
Sorry mehn,

I decided to surrender so you can have your thread back cheesy
ProgrammingRe: Native JAVA Android Developers - Let Us Discuss Techie Stuffs by FincoApps(m): 11:02pm On Sep 27, 2016
seunthomas:
Do you know i get angry with people like you??

Its because you dont know much and you are misinforming people.

Thats why i get pissed and vexed........

Look who is call someone a retard.

By all standards am not your mate when it comes to programming so please go and look in a mirror and make that statement.
Who's flexing muscles with you in programming, who ever mentioned I'm a programmer to you ?.... I'm sure you were one of those daft bullies when you were younger....

Someone as knowledgeable as you are don't deserve such insults but you always find a way to sound dumb....

Well like I said you are too slow to pay attention to, so I'll just shift and ignore you
ProgrammingRe: Native JAVA Android Developers - Let Us Discuss Techie Stuffs by FincoApps(m): 10:48pm On Sep 27, 2016
seunthomas:
You are the biggest rookie i have met. Mind you i contributed code to the original phonegap till it was moved to apache cordova.

You cant make a performing hybrid app that would be half as good as a native app.(I stand to be corrected).

Native apps can be optimized so much that they are near perfect.

And the challenge with hybrid apps is that they will perform differently on different devices.

Maybe you should try testing on devices with 1GB ram or less and comeback here and make the same statement.
LOL why are you calling me a rookie now..... I know about Phonegap apps not performing well on Less privileged devices but first of all

I'm considering majority of devices we have around
Secondly, creating plugins can fix the rest mehn... it's all about the approach

Lastly I think you are retarded and it's a waste of time trying to make communicate with you
ProgrammingRe: Let's Be Honest, The Number Of Programmers We Have In Nigeria Is Exagherrated by FincoApps(m): 10:37pm On Sep 27, 2016
seunthomas:
Anything to bring down seunthomas right. sshhhhhhh.
LOL no not really.... but you are like Nkem Owoh (Osuofia).... too much razor sharp mouth
ProgrammingRe: Native JAVA Android Developers - Let Us Discuss Techie Stuffs by FincoApps(m): 10:34pm On Sep 27, 2016
KvnqPrezo:
I don't know about it and how it works
Just simply do some research on it... basically, it's a framework to make your web project written in (HTML, CSS and Javascript) to run as an Application on a smartphone....

The whole App actually runs on a webview thus it has limited resources compared to Native Apps.... That's why if you create a Phonegap app just the way you create websites, you would experience a lot of performance issues
ProgrammingRe: The Greatest Programmer On Nairaland by FincoApps(m): 10:30pm On Sep 27, 2016
seunthomas:
You have a problem.

Am not your problem.

Go and seek medical/psychological help.

And if you feel you are as good as i am then throw a challenge its as simple as that.

If you wont then keep shut.

My statement still stands.
Let's clarify this so there won't be excuses like you've always made to dodge the small bullets some people have been shooting at you...

SHOULD I THROW A CHALLENGE ?
ProgrammingRe: Let's Be Honest, The Number Of Programmers We Have In Nigeria Is Exagherrated by FincoApps(m): 10:12pm On Sep 27, 2016
DanielTheGeek:
No diss but I genuinely take you as a technical evangelist, you preach code, till you actually share some useful code snippets..it's people like you that receive stack overflow's down-vote hammer of justice. (No diss)
smiley cheesy grin smiley

Normally, I would write "LOL", but this actually Literally got me Laughing Out Loud cheesy
ProgrammingRe: The Greatest Programmer On Nairaland by FincoApps(m): 10:08pm On Sep 27, 2016
seunthomas:
I dont have a mentality and to be honest am probably better than most people that contributed in this thread.

Why cant they just accept that??

The thing is if any of them was as much as a programmer as they claim, ordinarily reading my answers to some of their queries would show it very clearly that am a guru in this line.
Can you just stop making these extremely annoying statements.... you are the first I've ever seen that'll say "I'm better than everyone in.....". Even Great people that has done great things (I'm not limiting it to programming now)... they don't make such boastful statements..... Let your brilliant posts speak for you and stop saying that rubbish

Each time you say something brilliant for like 10 secs, you just say some other thing to mess it up

The people that named the word "annoying" probably had you in mind while naming the word cause you are the real definition of annoying
ProgrammingRe: The Greatest Programmer On Nairaland by FincoApps(m): 10:00pm On Sep 27, 2016
teampregar:
Tho i did not read all the pages of this thread but,
here is what i have to say:
1. SeunThomas kinda have a huge Ego problem(Dis is not an insult tho)
2. Concerning your None Disclosure Agreement excuse, atleast this thread started since February, u suppose don create one small program then show us, to shut up all those people wey dey criticize u na...
3. U should not always have this mentality that u are better than others, i noticed alot of good computer science graduates on this thread , one even went as far as show images of all those difficult computer science stuffs, but still yet u do the guy as if him be novice...
Lets use me and kvnqprezo for an example,
I learnt coding last year , while kvnqprezo learnt it d past 2 months.. The fact sey i first am get experience no mean say i no go value anything wen him contribute for thread about programming.. Lesson: The fact that u learnt programming since 18 years ago, does not mean u should look down on someone that learnt it yesterday..

Note: I mean no disrespect
You are right
ProgrammingRe: Native JAVA Android Developers - Let Us Discuss Techie Stuffs by FincoApps(m): 9:54pm On Sep 27, 2016
seunthomas:
Always stick with native. In the short term, hybrid gets you faster to the market plus the sheer allure of cross-platform, but native apps always perform better than hybrid on the device. Also stay away from the new cross-platform native sdks like xamarin. They create problems on the long run. The last thing you want is to build a successful app and have to hurry to build the native version because of user complaints.
It depends on the App idea.... Hybrid apps generally seem to perform poorly because it is TOO DAMN easy to create a crappy Hybrid App.....

But I tell you, there are some that perform just as good as native... I agree, it's really difficult to see such, but I have
ProgrammingRe: Native JAVA Android Developers - Let Us Discuss Techie Stuffs by FincoApps(m): 9:50pm On Sep 27, 2016
KvnqPrezo:
I want to create my first project..
.
An android app (to-do list) but don't know how to make it work as Android app...
And I'll be using JavaScript..
.
Please what's the steps.. I know how to design and code the stuff..
Have you checked out Phonegap ?
ProgrammingRe: Lessons In How Not To Implement Application Security by FincoApps(m): 3:16pm On Sep 27, 2016
DanielTheGeek:
For DDoS, the best approach is to have multiple relay servers so that when you're attacked another server can replace the attacked one, by the time they hit the second server the fault should have been detected by the engineers in the particular data center. People that use shared-hosting suffer the most due to lack of total control of the server.
I hope I spoke a little sense..
Yeaaa alot actually
ProgrammingRe: Lessons In How Not To Implement Application Security by FincoApps(m): 12:46pm On Sep 27, 2016
seunthomas:
Yesterday, i took an app belonging to someone in this forum and reversed engineered it under 5mins.

He is also a top contributor here. He has some documents in the app which he encrypted with self-written encryption.

The security considerations in this thread is actually the default(basic) if you handling any form of important content.

Be it documents you are selling to people etc.

You can reverse engineer most apps but some apps are very difficult to reverse engineer. On android, use c/c++ to build very critical sections of your code. On IOS and windows, its more difficult to reverse engineer.

If you read my introduction in this thread "The thing is there is really no 'Unbreakable app'."

The concept of an 'Unbreakable app' does not exist.

But while some apps will take 5 mins to reverse engineer some may take 5 months and by that time the company using that app has moved on to something else.

Also DDOS and DOS are preventable and could be really limited. We have managed security companies that can help with that but if you want an internally developed solution then we have open source projects that can help out.


So i will continue with this thread later in the day. Anymore questions ??
Well while you are correct about this, I'm not really talking about decompiling the app itself.
What I meant is that the communication between your App and the server can always be reverse engineered and faked.

e. Can an intelligent attacker reverse engineer your application and reimplement your app?
ie, you can create your own version of the App and deceive the server by making it think requests are coming from the original App..... This was what I thought you meant when you said "reimplement your app" that's how all these 3rd party Instagrm, Fb, WhatsApp apps on BlackBerry work.... The explanation I gave is actually impossible to counter now but can still be made difficult like you said. I wouldn't bother too much about it
ProgrammingRe: Lessons In How Not To Implement Application Security by FincoApps(m): 12:15pm On Sep 27, 2016
seunthomas:
Lesson 2: In the beginning was security.....
This is sometimes another issue in application development.

Most times we start developing an app and we decide to leave security for the last stage.

Then at that stage we are left with no choice but to implement a very weak security.

Wise develops start up their application development by putting in security considerations first.

If the application has sensitive data, then security must come in first.

You need to alight and possible list all the areas of attack on your application.

a. Does your application write to database?

b. Does the application access data from an unsecure source.

c. Do you implement SSL (Today using SSL must be the default for any application getting data from a webservice/api)?

d. Is the webserver/api open to DDOS/DOS(Distributed Denial of Service/Denial of Service)?

e. Can an intelligent attacker reverse engineer your application and reimplement your app?


You must consider all this and look for solutions and then build this solution into your app.

Its no longer wise to send unencrypted data over SSL. Even with SSL pinning, its still possible for Man in the middle attacks. So when sending sensitive data over a network, use SSL as well as encrypt the data on the client side.
I don't really get the DDOS part..... All servers are open to this attack

Also all Apps can be reverse Engineered.... there's no stopping it.... only difference is difficulty, but even at that, from my experience, the security on this is maxed out

So I'm thinking should we really bother about this unstoppable factors
ProgrammingRe: What Can Be Done To Improve This Section? by FincoApps(m): 12:06pm On Sep 27, 2016
sleepingdemon:
Basically the plugin injects prism js or highlight js script tags into the nairaland page that is being logged on to,
Then it looks for codes wrapped in "<pre>" and "<code>" tags, then gives them the syntax highlighting feature.
Niceee. I'm interested
ProgrammingRe: The Greatest Programmer On Nairaland by FincoApps(m): 11:48am On Sep 27, 2016
DanielTheGeek:
I thought this thread was dead, Kvngprezo just started a horror movie.
I partly understand what Seunthomas is saying, sometimes you build apps undercover for clients without claiming the project (some clients want It that way) and thus have nothing to boast of. But still within 6 years of your android development experience, you should have at least deployed an app (even beginners make hello-world apps). Sorry to say but if Zuckerberg was like you, then there would be no Facebook. Get bold 'ol man, I know you have projects, you're just shy or afraid (find your fear here and conquer it).
hahahahahaa
ProgrammingRe: Lessons In How Not To Implement Application Security by FincoApps(m): 10:28am On Sep 27, 2016
I'm enjoying the lesson so please continue
ProgrammingRe: What Can Be Done To Improve This Section? by FincoApps(m): 6:22pm On Sep 25, 2016
dhtml18:
We also need to organize more competitions, code fights and all that. . . .
I agree with you, but people might be scared if they see that e battle between you and seunthomas cheesy
ProgrammingRe: What Can Be Done To Improve This Section? by FincoApps(m): 6:21pm On Sep 25, 2016
Javanian:
I like to believe that is what the 'Report' button is intended for but people don't use it. When you see a post that you think is not appropriate for this section, simply use the report button and report the post and it will be attended to.
EXACTLY!!
ProgrammingRe: Please Help ! Help!! Help!!! by FincoApps(m): 6:05pm On Sep 25, 2016
romeorails:
ok , tnx
You welcome smiley
ProgrammingRe: Please Help ! Help!! Help!!! by FincoApps(m): 11:13am On Sep 25, 2016
romeorails:
Wow, u r damn right cos I remembered it was a phone number, but how can I get it is d prob
I'ts difficult to tell because t depends on the modem.... Try checking:

The back of the hardware
The sim card (If it has)
You should also see it in settings
Check the inbox... (I remember that time, to subscribe you'll need to send a text with the modem number)
Or finally, you can try calling your phone
ProgrammingRe: App Programming And Website Design by FincoApps(m): 11:06am On Sep 25, 2016
bot101:
I agree he should know his choices. I only gave what I think is the best choice in this particular kind of situation (a website AND app).
Truly you are right
ProgrammingRe: Please Help ! Help!! Help!!! by FincoApps(m): 11:29pm On Sep 24, 2016
romeorails:
Computer geeks please help me huh angry
I av been tailing this guy , to gain access to his system at work, I actually made way today, I got into his system with 1 password, and got to connect his modem with the same password which happened to be his name after a lot of tries.
I didn't even check the username for the modem since it was stored and required only the password to connect the visafone modem
. After using the modem for a while, and was surfing the net, I ddnt knw Wt I did after disconnecting the modem severally when not in use, I come back to continue and connect with just d password alone. But I must av forced clicked sth that now made it ask for username.
Poor me, I ddnt even memorise the username all the while since it was saved and I was too eager to use the system.

Pls what do u think the username can be, it's a visafone modem and I know the password angry
I think it used to be the phone number of the modem
ProgrammingRe: App Programming And Website Design by FincoApps(m): 6:17pm On Sep 24, 2016
bot101:
I know you know why because you do ionic, or don't you?
I just think you should show the options he has first ie Native or Hybrid
ProgrammingRe: Help Out by FincoApps(m): 11:59am On Sep 24, 2016
[b][/b]
habby51:
my Q10 is not installation apps/apk again, neva knw why.
It will download but it will not install/launch.
Actually it was not like dis wen I bought the phone, just notice dis sudden change not too long.
Application like imo, viber, mobomarket, badoo etc can't install again, of whch have once installed den on it b4 I uninstalled when my phone memory is abt getting full. Now av deleted everytin on my phone just 2 av does apps back, but not installing.
kindly help
Does it show an error message?
ProgrammingRe: App Programming And Website Design by FincoApps(m): 10:49am On Sep 24, 2016
bot101:
In this order, learn HTML, CSS, JAVASCRIPT, ANGULARJS, IONIC, NODEJS, MONGOOSE, EXPRESSION. Once you've covered these, you are good to go.
Why ionic naw
ProgrammingRe: Programmers Help! CERBER3 Virus! by FincoApps(m): 10:48am On Sep 24, 2016
jayplect:
Please help resolve this programmers in d house.
One virus infected my pc two days ago and rendered all my documents unaccessible. Its called cerber3. I believe it was from one mail i got from a foreign country. I have searched for solutions to decrypt but all was futile. I did system restore but no success. The closest i ever came was with a ransomware app but its passworded and i was required to fill an online survey but unfortunately the survey is not available to this region .. Pls house help me for solution as the thought of losing all my documents sends shivers into my spine.
Sounds like a ransomware. I get at least 3 - 5 of those emails daily.....

I read about it and it's a ransomware that encrypts files using AES-256 encryption.... Meaning it's almost impossible and not feasible to crack it..... You would need to pay them to recover your files or simply recover them from a backup after cleaning the computer

1 2 3 4 5 6 7 8 9 10 11 12 13 (of 31 pages)