Open kightsonsanom opened 3 months ago
Hi, @kightsonsanom Could you explain more "when I add different SHA than my app uses then I can still use the SDK"? Do you mean even if you entered different package signautre other than the one on Channel Admin web page, you can still use the SDK to login successfully?
Entering value in SHA package signature has the advantage of somewhat protecting the app from being tampered with.
As for how to secure channelID
, it's beyond the scope of LINE SDK integration.
Hey @plateaukao, thanks for reply! Let's take an example:
abc
xyz
My assumption was that Line login shouldn't work in this case because there is no abc
signature on Channel Admin web page. Instead, I could still use the Line SDK.
As for how to secure channelID, it's beyond the scope of LINE SDK integration.
The question was not how but should it be stored securely. If SHA signatures do not protect the app then I think it should but it comes down to the answer of the first question.
Hello, what is the purpose of adding package signatures on the line developer console? My understanding was that it can limit usage of channel ID to specific signatures but when I add different SHA than my app uses then I can still use the SDK.
The documentation only explains how to add the signatures, not the purpose of it https://developers.line.biz/en/docs/line-login-sdks/android-sdk/integrate-line-login/#link-app-to-channel
Could you explain what is the benefit of adding SHA signatures? Also should I make my
channelID
secure by injecting it through the CI?Thanks!