Why is this approach "safer" than just putting API keys into the source code?
AFAIK plists are not encrypted, so we're facing the same issue here as in `UserDefaults` vs `Keychain`, meaning a hacker can access these plists without a lot of hassle.
Would this work outside of Xcode, meaning an app in the App Store?
Thanks a lot, very informative video
Thank you very much.
Pleasure!
Thanks 🙏 for the guide Kelvin. So much love from me…take care of your child 👦 and I pray 🙏 for the child’s restoration of good health
Thank you, take care :)
I found a production API key when testing on a staging environment. What's the impact?
Sorry I don’t understand your question
I am a penetration tester. Testing on a staging environment and found one production API key is hard-coded in a JS file on the client side.
How can I use that production key to show some impact?
What would be a better practice instead of using this approach?
I don’t know of a better approach. Even if you are working with a REST service, you typically toggle between 2 sets of APIs.
🙏 thanks
Hope you found it useful!