Webmasters › Re: Pls Help Me With Building Spc4 Mobile App by FincoApps(m): 12:09am On Sep 29, 2016 |
Can you give more details on the issue you are having
What says error connecting to server ? |
Programming › Re: Lessons In How Not To Implement Application Security by FincoApps(m): 11:18pm On Sep 28, 2016 |
lekropasky: YEAH, thanks bro. Yes, using post request can prevent the request from being made from a browser, but do you know there are apps that works on rooted phones, these apps can sniff all the network request going in-and-out of the particular phone, and a post request can be abuse by using/creating an html form that it action points to your url --<form action ='http://www.example.com/rest/login.php' method = 'POST'>....this form can contain maybe two hidden fields with the username and password as the name, values being the crazy guess they have made. What i am trying to let you understand is that, there is a way to know if a request is being manipulated i.e its not made/comes from your app and thats what am tryna figure out...i hope i make a little sense I do understand what you are saying.... If you do something similar to man in the Middle attack, you can redirect all requests going from your Phone to your computer and use a tool like Fiddler to analyse, understand or replay these requests.... No App I've touched has been able to survive this method... If the company cares about what you did, their Lawyers would write to you If there's a way, then it has not been implemented yet, but if you do find a way, please let me know so I can test it too  |
Programming › Re: Lessons In How Not To Implement Application Security by FincoApps(m): 10:19pm On Sep 28, 2016 |
lekropasky: Good Job is really going on here. I have some questions Boss. As a mobile app developer -Android, i am a noob when it comes to security, and it bother me alot. i have a software that communicate with a rest service, and i dont want some hackers to abuse my Rest Api, lets say i have a php file that handles user login with an address like --http://www.example.com/rest/login.php?user=username&pass=password, someone can just reverse engineer my app, copy the url, paste it inside a browser and maybe grab the raw json that was meant to return to the client. How do i prevent this please? Sends token to server on every http request? How do i verify the token on the backend...i have a lot of questions....THANKS. First of all, using POST request would be better and at least remove the pasting to browser option Secondly, this issue you just posted is actually not possible to prevent because any determined hacker would be able to reverse Engineer it.... Even Fb, WhatsApp, Twitter, Instagram, Snapchat all cannot stop it... that's why You see apps like Inst10, Snap10, FaceBox... etc all available on BlackBerry But some ways to make it difficult: Doing some validations on the server to check the device the request is coming from Doing some form of Key exchange For example, when a client opens the app, it securely get's an encrypted key and that key is sent with each other request made to the server - (Just a mild sample) Encrypting the request itself so for example you have var postData = {}; postData["userid"] = "daddy"; postData["password"] = "finco"; postData["key"] = key; var request = someEncryptionFunction(postData); Then send the request variable as your request... the server would then decrypt using a common key There are more sophisticated ways but trust me, they can all be reverse engineered and to me it's not hard to reverse engineer the communication of Applications with their server |
Programming › Re: The Greatest Programmer On Nairaland by FincoApps(m): 9:25pm On Sep 28, 2016 |
DanielTheGeek: I don't get what you say at times due to the way you type, but for the second question, tech sites get lots of traffic, but those targeted at developers don't get much visitors compared to general purpose websites because we have less developers and all these developers already have their preferred websites, so you coming with yours means you have to offer something their preferred site (e.g stack overflow) does not already have in order to dominate. Technical non-group specific websites like Stack Exchange, Gdevit (lol), Tech Cabal, Site Point tend to have more traffic than sites like onhax.net, cplusplus.com, php-forum.com e.t.c. Yea I agree, most tech websites I see... even including the ones targeted to developers always get traffic.... I wrote a post on how t create a simple game with Processing and my Traffic increased because of that post |
Programming › Re: The Greatest Programmer On Nairaland by FincoApps(m): 1:02pm On Sep 28, 2016 |
DanielTheGeek: Because empty is a function.. PHP actually has funny in-built functions like die( ), sleep( ), exit() lol Lol die is the weirdest.... the rest kinda seems normal |
Programming › Re: Native JAVA Android Developers - Let Us Discuss Techie Stuffs by FincoApps(m): 8:14am On Sep 28, 2016 |
dhtml18: You guys have started e-fight on my thread again. . . . . .you are all hereby charged for TROLLING on my thread Sorry mehn, I decided to surrender so you can have your thread back  |
Programming › Re: Native JAVA Android Developers - Let Us Discuss Techie Stuffs by FincoApps(m): 11:02pm On Sep 27, 2016 |
seunthomas: Do you know i get angry with people like you??
Its because you dont know much and you are misinforming people.
Thats why i get pissed and vexed........
Look who is call someone a retard.
By all standards am not your mate when it comes to programming so please go and look in a mirror and make that statement. Who's flexing muscles with you in programming, who ever mentioned I'm a programmer to you ?.... I'm sure you were one of those daft bullies when you were younger.... Someone as knowledgeable as you are don't deserve such insults but you always find a way to sound dumb.... Well like I said you are too slow to pay attention to, so I'll just shift and ignore you |
Programming › Re: Native JAVA Android Developers - Let Us Discuss Techie Stuffs by FincoApps(m): 10:48pm On Sep 27, 2016 |
seunthomas: You are the biggest rookie i have met. Mind you i contributed code to the original phonegap till it was moved to apache cordova. You cant make a performing hybrid app that would be half as good as a native app.(I stand to be corrected).
Native apps can be optimized so much that they are near perfect.
And the challenge with hybrid apps is that they will perform differently on different devices.
Maybe you should try testing on devices with 1GB ram or less and comeback here and make the same statement. LOL why are you calling me a rookie now..... I know about Phonegap apps not performing well on Less privileged devices but first of all I'm considering majority of devices we have around Secondly, creating plugins can fix the rest mehn... it's all about the approach Lastly I think you are retarded and it's a waste of time trying to make communicate with you |
Programming › Re: Let's Be Honest, The Number Of Programmers We Have In Nigeria Is Exagherrated by FincoApps(m): 10:37pm On Sep 27, 2016 |
seunthomas: Anything to bring down seunthomas right. sshhhhhhh. LOL no not really.... but you are like Nkem Owoh (Osuofia).... too much razor sharp mouth |
Programming › Re: Native JAVA Android Developers - Let Us Discuss Techie Stuffs by FincoApps(m): 10:34pm On Sep 27, 2016 |
KvnqPrezo: I don't know about it and how it works Just simply do some research on it... basically, it's a framework to make your web project written in (HTML, CSS and Javascript) to run as an Application on a smartphone.... The whole App actually runs on a webview thus it has limited resources compared to Native Apps.... That's why if you create a Phonegap app just the way you create websites, you would experience a lot of performance issues |
Programming › Re: The Greatest Programmer On Nairaland by FincoApps(m): 10:30pm On Sep 27, 2016 |
seunthomas: You have a problem.
Am not your problem.
Go and seek medical/psychological help.
And if you feel you are as good as i am then throw a challenge its as simple as that.
If you wont then keep shut.
My statement still stands. Let's clarify this so there won't be excuses like you've always made to dodge the small bullets some people have been shooting at you... SHOULD I THROW A CHALLENGE ? |
Programming › Re: Let's Be Honest, The Number Of Programmers We Have In Nigeria Is Exagherrated by FincoApps(m): 10:12pm On Sep 27, 2016 |
|
Programming › Re: The Greatest Programmer On Nairaland by FincoApps(m): 10:08pm On Sep 27, 2016 |
seunthomas: I dont have a mentality and to be honest am probably better than most people that contributed in this thread.
Why cant they just accept that??
The thing is if any of them was as much as a programmer as they claim, ordinarily reading my answers to some of their queries would show it very clearly that am a guru in this line. Can you just stop making these extremely annoying statements.... you are the first I've ever seen that'll say "I'm better than everyone in.....". Even Great people that has done great things (I'm not limiting it to programming now)... they don't make such boastful statements..... Let your brilliant posts speak for you and stop saying that rubbish Each time you say something brilliant for like 10 secs, you just say some other thing to mess it up The people that named the word "annoying" probably had you in mind while naming the word cause you are the real definition of annoying |
Programming › Re: The Greatest Programmer On Nairaland by FincoApps(m): 10:00pm On Sep 27, 2016 |
teampregar: Tho i did not read all the pages of this thread but, here is what i have to say: 1. SeunThomas kinda have a huge Ego problem(Dis is not an insult tho) 2. Concerning your None Disclosure Agreement excuse, atleast this thread started since February, u suppose don create one small program then show us, to shut up all those people wey dey criticize u na... 3. U should not always have this mentality that u are better than others, i noticed alot of good computer science graduates on this thread , one even went as far as show images of all those difficult computer science stuffs, but still yet u do the guy as if him be novice... Lets use me and kvnqprezo for an example, I learnt coding last year , while kvnqprezo learnt it d past 2 months.. The fact sey i first am get experience no mean say i no go value anything wen him contribute for thread about programming.. Lesson: The fact that u learnt programming since 18 years ago, does not mean u should look down on someone that learnt it yesterday..
Note: I mean no disrespect You are right |
Programming › Re: Native JAVA Android Developers - Let Us Discuss Techie Stuffs by FincoApps(m): 9:54pm On Sep 27, 2016 |
seunthomas: Always stick with native. In the short term, hybrid gets you faster to the market plus the sheer allure of cross-platform, but native apps always perform better than hybrid on the device. Also stay away from the new cross-platform native sdks like xamarin. They create problems on the long run. The last thing you want is to build a successful app and have to hurry to build the native version because of user complaints. It depends on the App idea.... Hybrid apps generally seem to perform poorly because it is TOO DAMN easy to create a crappy Hybrid App..... But I tell you, there are some that perform just as good as native... I agree, it's really difficult to see such, but I have |
Programming › Re: Native JAVA Android Developers - Let Us Discuss Techie Stuffs by FincoApps(m): 9:50pm On Sep 27, 2016 |
KvnqPrezo: I want to create my first project.. . An android app (to-do list) but don't know how to make it work as Android app... And I'll be using JavaScript.. . Please what's the steps.. I know how to design and code the stuff.. Have you checked out Phonegap ? |
Programming › Re: Lessons In How Not To Implement Application Security by FincoApps(m): 3:16pm On Sep 27, 2016 |
DanielTheGeek: For DDoS, the best approach is to have multiple relay servers so that when you're attacked another server can replace the attacked one, by the time they hit the second server the fault should have been detected by the engineers in the particular data center. People that use shared-hosting suffer the most due to lack of total control of the server. I hope I spoke a little sense.. Yeaaa alot actually |
Programming › Re: Lessons In How Not To Implement Application Security by FincoApps(m): 12:46pm On Sep 27, 2016 |
seunthomas: Yesterday, i took an app belonging to someone in this forum and reversed engineered it under 5mins.
He is also a top contributor here. He has some documents in the app which he encrypted with self-written encryption.
The security considerations in this thread is actually the default(basic) if you handling any form of important content.
Be it documents you are selling to people etc.
You can reverse engineer most apps but some apps are very difficult to reverse engineer. On android, use c/c++ to build very critical sections of your code. On IOS and windows, its more difficult to reverse engineer.
If you read my introduction in this thread "The thing is there is really no 'Unbreakable app'." The concept of an 'Unbreakable app' does not exist.
But while some apps will take 5 mins to reverse engineer some may take 5 months and by that time the company using that app has moved on to something else.
Also DDOS and DOS are preventable and could be really limited. We have managed security companies that can help with that but if you want an internally developed solution then we have open source projects that can help out.
So i will continue with this thread later in the day. Anymore questions ?? Well while you are correct about this, I'm not really talking about decompiling the app itself. What I meant is that the communication between your App and the server can always be reverse engineered and faked. e. Can an intelligent attacker reverse engineer your application and reimplement your app? ie, you can create your own version of the App and deceive the server by making it think requests are coming from the original App..... This was what I thought you meant when you said "reimplement your app" that's how all these 3rd party Instagrm, Fb, WhatsApp apps on BlackBerry work.... The explanation I gave is actually impossible to counter now but can still be made difficult like you said. I wouldn't bother too much about it |
Programming › Re: Lessons In How Not To Implement Application Security by FincoApps(m): 12:15pm On Sep 27, 2016 |
seunthomas: Lesson 2: In the beginning was security..... This is sometimes another issue in application development.
Most times we start developing an app and we decide to leave security for the last stage.
Then at that stage we are left with no choice but to implement a very weak security.
Wise develops start up their application development by putting in security considerations first.
If the application has sensitive data, then security must come in first.
You need to alight and possible list all the areas of attack on your application.
a. Does your application write to database?
b. Does the application access data from an unsecure source.
c. Do you implement SSL (Today using SSL must be the default for any application getting data from a webservice/api)?
d. Is the webserver/api open to DDOS/DOS(Distributed Denial of Service/Denial of Service)?
e. Can an intelligent attacker reverse engineer your application and reimplement your app?
You must consider all this and look for solutions and then build this solution into your app.
Its no longer wise to send unencrypted data over SSL. Even with SSL pinning, its still possible for Man in the middle attacks. So when sending sensitive data over a network, use SSL as well as encrypt the data on the client side. I don't really get the DDOS part..... All servers are open to this attack Also all Apps can be reverse Engineered.... there's no stopping it.... only difference is difficulty, but even at that, from my experience, the security on this is maxed out So I'm thinking should we really bother about this unstoppable factors |
Programming › Re: What Can Be Done To Improve This Section? by FincoApps(m): 12:06pm On Sep 27, 2016 |
sleepingdemon: Basically the plugin injects prism js or highlight js script tags into the nairaland page that is being logged on to, Then it looks for codes wrapped in "<pre>" and "<code>" tags, then gives them the syntax highlighting feature. Niceee. I'm interested |
Programming › Re: The Greatest Programmer On Nairaland by FincoApps(m): 11:48am On Sep 27, 2016 |
DanielTheGeek: I thought this thread was dead, Kvngprezo just started a horror movie. I partly understand what Seunthomas is saying, sometimes you build apps undercover for clients without claiming the project (some clients want It that way) and thus have nothing to boast of. But still within 6 years of your android development experience, you should have at least deployed an app (even beginners make hello-world apps). Sorry to say but if Zuckerberg was like you, then there would be no Facebook. Get bold 'ol man, I know you have projects, you're just shy or afraid (find your fear here and conquer it). hahahahahaa |
Programming › Re: Lessons In How Not To Implement Application Security by FincoApps(m): 10:28am On Sep 27, 2016 |
I'm enjoying the lesson so please continue |
Programming › Re: What Can Be Done To Improve This Section? by FincoApps(m): 6:22pm On Sep 25, 2016 |
dhtml18: We also need to organize more competitions, code fights and all that. . . . I agree with you, but people might be scared if they see that e battle between you and seunthomas  |
Programming › Re: What Can Be Done To Improve This Section? by FincoApps(m): 6:21pm On Sep 25, 2016 |
Javanian: I like to believe that is what the 'Report' button is intended for but people don't use it. When you see a post that you think is not appropriate for this section, simply use the report button and report the post and it will be attended to. EXACTLY!! |
Programming › Re: Please Help ! Help!! Help!!! by FincoApps(m): 6:05pm On Sep 25, 2016 |
|
Programming › Re: Please Help ! Help!! Help!!! by FincoApps(m): 11:13am On Sep 25, 2016 |
romeorails: Wow, u r damn right cos I remembered it was a phone number, but how can I get it is d prob I'ts difficult to tell because t depends on the modem.... Try checking: The back of the hardware The sim card (If it has) You should also see it in settings Check the inbox... (I remember that time, to subscribe you'll need to send a text with the modem number) Or finally, you can try calling your phone |
Programming › Re: App Programming And Website Design by FincoApps(m): 11:06am On Sep 25, 2016 |
bot101: I agree he should know his choices. I only gave what I think is the best choice in this particular kind of situation (a website AND app). Truly you are right |
Programming › Re: Please Help ! Help!! Help!!! by FincoApps(m): 11:29pm On Sep 24, 2016 |
|
Programming › Re: App Programming And Website Design by FincoApps(m): 6:17pm On Sep 24, 2016 |
bot101: I know you know why because you do ionic, or don't you? I just think you should show the options he has first ie Native or Hybrid |
Programming › Re: Help Out by FincoApps(m): 11:59am On Sep 24, 2016 |
[b][/b] habby51: my Q10 is not installation apps/apk again, neva knw why. It will download but it will not install/launch. Actually it was not like dis wen I bought the phone, just notice dis sudden change not too long. Application like imo, viber, mobomarket, badoo etc can't install again, of whch have once installed den on it b4 I uninstalled when my phone memory is abt getting full. Now av deleted everytin on my phone just 2 av does apps back, but not installing. kindly help Does it show an error message? |
Programming › Re: App Programming And Website Design by FincoApps(m): 10:49am On Sep 24, 2016 |
bot101: In this order, learn HTML, CSS, JAVASCRIPT, ANGULARJS, IONIC, NODEJS, MONGOOSE, EXPRESSION. Once you've covered these, you are good to go. Why ionic naw |
Programming › Re: Programmers Help! CERBER3 Virus! by FincoApps(m): 10:48am On Sep 24, 2016 |
jayplect: Please help resolve this programmers in d house. One virus infected my pc two days ago and rendered all my documents unaccessible. Its called cerber3. I believe it was from one mail i got from a foreign country. I have searched for solutions to decrypt but all was futile. I did system restore but no success. The closest i ever came was with a ransomware app but its passworded and i was required to fill an online survey but unfortunately the survey is not available to this region .. Pls house help me for solution as the thought of losing all my documents sends shivers into my spine. Sounds like a ransomware. I get at least 3 - 5 of those emails daily..... I read about it and it's a ransomware that encrypts files using AES-256 encryption.... Meaning it's almost impossible and not feasible to crack it..... You would need to pay them to recover your files or simply recover them from a backup after cleaning the computer |