Hi, I’m building an app using Corona and this is how it’s working at the moment.
1> On startup the app checks whether you previously supplied login details; if not, it prompts you to log in, saves the login details on the device, and makes a POST network request over HTTPS to my server.
2> My server then accepts the credentials, makes a curl call to another server over an HTTPS connection, and fetches data. My server processes the data, then saves it in JSON format outside the public directory (i.e. the /var/userdata/data.useremail.txt file). It caches the file for 5 mins. It then sends the JSON data to my app.
3> The app receives the JSON data and saves it on the device. It then decodes the JSON data and displays it in the app.
There is a refresh button in the app to reload data, which follows the above steps.
If there is no network in the app, the app uses the previously saved data on the device.
Questions:
1> As you can see, I’m saving login details in plain text format on the device. How secure is it? Should I encrypt the login details and save them? If so, is there any example of Lua encryption? Should I save them in SQLite?
2> The app is sending login details through HTTPS to my server; if users use public Wi-Fi, can anyone intercept the login details? I assumed that since it’s going through an HTTPS tunnel, all data is secured!
3> Do I need to save user data in a database instead of on disk? Since I’m not doing any queries against a database, I assumed I don’t need to use one. Keep in mind I might get 50,0000 files. Should I dump the JSON files in Google BigQuery?
4> My server environment is a LAMP stack - 1GB Memory, 1 Core Processor, 30GB SSD Disk, 2TB Transfer. What will happen if 10,0000 users send requests to the PHP script? Will it crash? Should I use Python?
Any advice or tips would be greatly appreciated.
Regards
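
An added example, not part of the original post and not the poster's code: one way the server-side cache from step 2 (per-user JSON file outside the public directory, kept for 5 minutes) could be written in PHP. It assumes the file name is derived from a hash of the email instead of the raw address, so user-supplied text never becomes part of the path; the function names and the demo directory are hypothetical.

```php
<?php
// Added example: hypothetical helpers, not code from the post.
const CACHE_DIR = '/var/userdata';   // directory named in the post (outside the web root)
const CACHE_TTL = 300;               // 5 minutes, as described in the post

// Map an email to a fixed-format file name so characters such as "/" or ".."
// in user input can never influence where the file is written.
function cache_path(string $email, string $dir = CACHE_DIR): string
{
    $key = hash('sha256', strtolower(trim($email)));
    return $dir . '/data.' . $key . '.json';
}

// Return the cached JSON if it exists and is younger than the TTL, else null.
function cache_read(string $email, string $dir = CACHE_DIR, int $ttl = CACHE_TTL): ?string
{
    $path = cache_path($email, $dir);
    clearstatcache(true, $path);
    $mtime = @filemtime($path);
    if ($mtime === false || time() - $mtime >= $ttl) {
        return null;
    }
    $json = @file_get_contents($path);
    return $json === false ? null : $json;
}

// Write atomically: temp file in the same directory, owner-only permissions,
// then rename, so a concurrent reader never sees a half-written file.
function cache_write(string $email, string $json, string $dir = CACHE_DIR): bool
{
    $tmp = tempnam($dir, 'tmp');
    if ($tmp === false) {
        return false;
    }
    if (!chmod($tmp, 0600) || file_put_contents($tmp, $json) === false
        || !rename($tmp, cache_path($email, $dir))) {
        @unlink($tmp);
        return false;
    }
    return true;
}

// Constructed demo: uses a temp directory and a traversal-style "email".
$dir = sys_get_temp_dir() . '/userdata-demo';
is_dir($dir) || mkdir($dir, 0700);
$email = '../../etc/passwd@example.com';
cache_write($email, '{"items":[]}', $dir);
var_dump(cache_read($email, $dir));
var_dump(dirname(cache_path($email, $dir)) === $dir);
```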