that it would use encryption -- it might based on your feedback. I
just won't be going the centralized server route, that's I am 100%
certain about.
Salary information is sensitive enough in the Western world, but if
you ever drive around in a taxi in Beijing, don't be surprised if the
driver will ask you hold old you are, if you are married and how much
money you make. It's a cultural thing.
On May 30, 1:06 pm, Bob Kerns <r...@acm.org> wrote:
> Ah. Well, I'm going to assume you understand your customers (but suggest you
> always question whether you do! :=)
>
> Indeed, one should always keep one's security practices in conformity with
> the nature of what you are protecting.
>
> But I would certainly consider salary information to be sensitive enough to
> justify encryption. But you're not giving us a lot of detail, so I guess I
> can't say much more. (I am not faulting you for that).
>
> Good luck.
>
>
>
> On Sunday, May 29, 2011 9:21:39 PM UTC-7, Zsolt Vasvari wrote:
>
> > I have zero problems with using a servers, but my customers do. My
> > app doesn't require an Internet permission and I intend it to keep it
> > that way.
>
> > By "sensitive" I dont' really mean to the point where if I steal a
> > user's phone, I can drain his bank account empty. The worse that will
> > happen is they find out how much I make. It's nothing a Chinese
> > person wouldn't flat out ask you and would expect an honest answer :)
>
> > On May 30, 12:14 pm, Nikolay Elenkov <nikolay...@gmail.com>
> > wrote:
> > > On Mon, May 30, 2011 at 12:51 PM, Bob Kerns <r....@acm.org> wrote:
> > > > Don't worry about the terminology -- "ad hoc wifi network" is what
> > you're
> > > > looking for. I just wanted to figure out what you intended to say.
>
> > > > Hmm, "peer-to-peer" and "sensitive financial data" has me a bit
> > concerned.
> > > > I don't advocate sending sensitive data, via servers or not,
> > unencrypted. I
> > > > hope you're using some sort of public key encryption, with a secure key
>
> > > > exchange, such as Diffie-Hellman. If all I have to do is eavesdrop on
> > your
> > > > NFC communications.... (The role of the public key encryption part is
> > to
> > > > give you a way to strongly identify the recipient you're exchanging the
>
> > > > encryption keys with).
>
> > > It might actually be easier and more secure to exchange just URLs, and
> > > have the app get the data via https *and* authenticate to the server,
> > rather
> > > than trying to implement a secure protocol on top of NFC. That way the
> > app
> > > can be sure it's talking to the right server (server certificate) and
> > > the server
> > > can be sure it's giving the data to the right person (Google account,
> > etc.
> > > authentication).- Hide quoted text -
>
> - Show quoted text -
--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
No comments:
Post a Comment