I've been looking into how to manage my config properties in an android project. I need a place to store urls, usernames and passwords of the web services my app connec开发者_开发百科ts to. In a normal java project i would have a config.properties file and would use spring to inject the properties into wherever they were needed. I thought about using the strings.xml file, is this a bad place to store them? Are there any issues with storing sensitive data like passwords in there? Any other ideas of what i could do?
Any advice would be greatly appreciated!
David
It is Better to store them in /assets directory or in /res/raw directory see http://myossdevblog.blogspot.in/2010/02/reading-properties-files-on-android.html
I always just put stuff like this in strings.xml but I don't really deal with passwords. Preferences are also an option. You will probably want to encrypt the passwords.
Rember that you have control of a web app servier, you don't have control of a user's device. It may be rooted, it may not, they may have easy access to pull your apk and look at it, or check out the preferences. So if you are really worried about security of these things you may want to not store them on the device.
One easy option would be to run a proxy server that had the necessary access, and run all your web service calls through the proxy.
One good place is to put these in a properties file, the advantage is if for some reason your URL changes then you can easily overwrite the key/value in the file with a new URL from server (provided you have code that supports that and runs on app launch). Taken further, this mechanism can be used to enable/disable features of an app, enable debug logs to help troubleshoot customer service issues etc.
The Android Shared Preferences seems like the proper storage for any application config data to be preserved over app restarts (providing the data is not too large in which case you may need a database). Hope this helps, Robert
精彩评论