在Android应用程序中存储用户设置的最合适方法是什么
我正在创建一个使用用户名/密码连接到服务器的应用程序,我想启用保存密码"选项,这样用户就不必在每次应用程序启动时都输入密码.
I am creating an application which connects to the server using username/password and I would like to enable the option "Save password" so the user wouldn't have to type the password each time the application starts.
我尝试使用共享首选项,但不确定这是否是最佳解决方案.
I was trying to do it with Shared Preferences but am not sure if this is the best solution.
如果有任何关于如何在 Android 应用程序中存储用户值/设置的建议,我将不胜感激.
I would appreciate any suggestion on how to store user values/settings in Android application.
推荐答案
一般来说,SharedPreferences 是您存储首选项的最佳选择,所以一般来说我会推荐这种方法来保存应用程序和用户设置.
In general SharedPreferences are your best bet for storing preferences, so in general I'd recommend that approach for saving application and user settings.
这里唯一需要关注的是您要保存的内容.存储密码总是一件棘手的事情,我会特别小心将它们存储为明文.Android 架构是这样的,您的应用程序的 SharedPreferences 被沙盒化,以防止其他应用程序能够访问这些值,因此那里有一些安全性,但对手机的物理访问可能会允许访问这些值.
The only area of concern here is what you're saving. Passwords are always a tricky thing to store, and I'd be particularly wary of storing them as clear text. The Android architecture is such that your application's SharedPreferences are sandboxed to prevent other applications from being able to access the values so there's some security there, but physical access to a phone could potentially allow access to the values.
如果可能,我会考虑修改服务器以使用协商令牌来提供访问权限,例如 OAuth.或者,您可能需要构建某种加密存储,尽管这并非易事.至少,确保在将密码写入磁盘之前对其进行了加密.
If possible I'd consider modifying the server to use a negotiated token for providing access, something like OAuth. Alternatively you may need to construct some sort of cryptographic store, though that's non-trivial. At the very least, make sure you're encrypting the password before writing it to disk.
相关文章