sdk-for-flutter icon indicating copy to clipboard operation
sdk-for-flutter copied to clipboard

Published 20 hours ago verified publisher icon appwrite

🚀 Feature: Change cookie storage

Open maeddin opened this issue 2 years ago • 5 comments

🔖 Feature description

Currently, the cookies are stored in files that can be accessed by other apps.

🎤 Pitch

I would suggest that you change the location of the cookies. I would use the plugin flutter_secure_storage for this purpose. I have also implemented this locally for my own projects. If desired, I can provide a corresponding pull request.

👀 Have you spent some time to check if this issue has been raised before?

  • [x] I checked and didn't find similar issue

🏢 Have you read the Code of Conduct?

maeddin avatar Apr 25 '22 17:04 maeddin

@MaddinMade we would love the pull reuqest. However the PR has to be made in our https://github.com/appwrite/sdk-generator repository, as we use templates and swagger specs to auto-generate our SDKs. Let us know if you are interested 🙏🏻

lohanidamodar avatar Apr 28 '22 01:04 lohanidamodar

@lohanidamodar Yes, I am interested, but I have no experience with such templates. Do I just need to edit the twig files? And also should a migrator be written to transfer the cookies to the new storage if they are still in the old storage?

maeddin avatar Apr 28 '22 01:04 maeddin

@lohanidamodar Yes, I am interested, but I have no experience with such templates. Do I just need to edit the twig files? And also should a migrator be written to transfer the cookies to the new storage if they are still in the old storage?

  • Yes, editing twig files should be really simple once you implement the code in sdk-for-flutter, you can find the similar files in templates and update them.
  • Yes, if possible we should write the migrator, if not, we should describe it as a breaking change.

lohanidamodar avatar May 09 '22 12:05 lohanidamodar

Is it a real security vulnerability? Dir that is returned from the path provider as an app documents directory that has Context.MODE_PRIVATE. https://github.com/flutter/engine/blob/main/shell/platform/android/io/flutter/util/PathUtils.java#L23

obiwanzenobi avatar Jun 05 '23 08:06 obiwanzenobi

@obiwanzenobi Other apps cannot access it with this. But it's about the situation when someone comes to your phone. They could then read the app documents, but not the encrypted data, unless they can unlock the phone. (As far as I know - I'm not an absolute expert in this either).

maeddin avatar Jun 05 '23 08:06 maeddin