Open djay789 opened 8 years ago
I am using Android SDK 0.9.2.
The Logger is not disable for release version so the IP and AppCode are visible in the log cat: I/BAASBOX: requested {url ->http://xxx.xxx.xxx.xxx:9000/document/XXX?where=current+%3D+true&orderBy=creation_date+DESC&page=0&recordsPerPage=20 method: GET, headers ->{User-Agent:BaasBox AndroidSDK/0.9.2X-BAASBOX-APPCODE:xxxxxxxxX-BB-SESSION:xxxxxx-xxxxx-xxxxxx-xxxxxxx}}
This is not very secure!
On solution may be to let access to the ENABLED field :
public static final boolean ENABLED = true;
This is very insecure !!!
f0restw0w
commented
8 years ago f0restw0w
commented
8 years ago
I am using Android SDK 0.9.2.
The Logger is not disable for release version so the IP and AppCode are visible in the log cat: I/BAASBOX: requested {url ->http://xxx.xxx.xxx.xxx:9000/document/XXX?where=current+%3D+true&orderBy=creation_date+DESC&page=0&recordsPerPage=20 method: GET, headers ->{User-Agent:BaasBox AndroidSDK/0.9.2X-BAASBOX-APPCODE:xxxxxxxxX-BB-SESSION:xxxxxx-xxxxx-xxxxxx-xxxxxxx}}
This is not very secure!
On solution may be to let access to the ENABLED field :