Security on device

You can have user/pw authentication on your HTTP server like you have on FTP. It requires server side programming though. 

From my read of that blog post, it will encrypt/decrypt a string. JSON is a string. You json.encode your table to get a string, then json.decode a JSON string to create a table.

The encrypted data is binary; if you’re going to transmit that via an HTTP web service, you probably should base64 encode it for safe transmission. The blog post, I believe, covers it.

HTTPS uses SSL to do its encryption. You can use https: to have your data encrypted between endpoints (your browser and server, your app and server), but HTTPS would be useless if the browser didn’t decrypt the data.
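The table → JSON → encrypt → base64 round trip described in the post above, as an added example that is not part of the original thread. It assumes a Corona SDK project with the OpenSSL plugin enabled in build.settings; the function names, sample table and key are placeholders made up for illustration.

```lua
-- Added example (not from the thread). Runs inside Corona SDK with the OpenSSL plugin.
local openssl = require( "plugin.openssl" )
local json    = require( "json" )
local mime    = require( "mime" )

local cipher = openssl.get_cipher( "aes-256-cbc" )

-- table -> JSON string -> binary ciphertext -> base64 text for the HTTP body
local function encodePayload( tbl, key )
    local ciphertext = cipher:encrypt( json.encode( tbl ), key )
    -- mime.b64 returns two values; the parentheses keep only the encoded string
    return ( mime.b64( ciphertext ) )
end

-- base64 text -> binary ciphertext -> JSON string -> table
-- Returns nil plus a reason instead of raising on damaged or wrongly keyed input.
local function decodePayload( b64text, key )
    local ciphertext = mime.unb64( b64text )
    if not ciphertext or #ciphertext == 0 then
        return nil, "not valid base64"
    end
    -- pcall covers both a decrypt failure and a JSON parse error
    local ok, tbl = pcall( function()
        return json.decode( cipher:decrypt( ciphertext, key ) )
    end )
    if not ok or type( tbl ) ~= "table" then
        return nil, "decryption or JSON parsing failed"
    end
    return tbl
end

-- Constructed sample data and key (placeholders).
local key  = "example-key-change-me"
local wire = encodePayload( { level = 3, coins = 120 }, key )
print( "text sent in the HTTP request:", wire )

local restored, err = decodePayload( wire, key )
print( restored and restored.coins or err )

-- A payload decoded with the wrong key must be rejected, not used.
print( decodePayload( wire, "wrong-key" ) )
```

CBC mode on its own does not detect tampering, so the receiver should treat any payload that fails `decodePayload` as untrusted and discard it.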

May I make a suggestion?

Would it be possible to add, to the individual pages within the API documentation, pages recommended by Corona developers? So, all the tutorials and maybe some forum topics that help outline the usage of such items (I know that if the OpenSSL tutorial page had been referenced within the crypto.* area, then I would never have raised this topic)

Just FYI, I too have voted for Binary protection :slight_smile:

Hi,

Man all the stuff that complicates an indie shop trying to develop a simple little app. I’d like to encrypt some of the game data. I was planning on using the Corona SSL lib. I will only be using it for that purpose, not making remote secure connections etc. It appears that shipping encryption libraries as part of your code base requires additional paperwork to be filed.

Is this true? Has anyone gone through the process? Is it worth the effort, meaning there are bigger fish to fry versus worrying about locking down your app from piracy / data manipulation etc?

Thanks.

I am looking at using the “htaccess” method to password protect a directory on my web server that hosts my downloadable content.  Should Corona’s network.request API be able to pass the username and password needed to access the content for download?

I was able to get the “htaccess” method working!  Glad to have at least a little basic authentication before the user can download content.  

My only concern is, if the download is taking longer than say 15 minutes, normally in a web browser the user would be asked to enter login information again, does Corona store this information so the download would continue without any interruptions?

You would have to store your own credentials and resend them.  However, credentials should be used on a connection by connection basis.  That is you’re going to send the Username/Password when you first make the request.  It’s not sent on a data packet by data packet basis.  So you would only need to resend it if you made another request. 
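A sketch of sending the “htaccess” username and password with each request, as the reply above describes; this is an added example, not code from the thread. The URL, file name, credentials and the `downloadProtected` helper are placeholders.

```lua
-- Added example (not from the thread). Runs inside Corona SDK.
local mime = require( "mime" )

local function basicAuthHeaders( user, password )
    -- Basic auth is only base64, not encryption: send it to an https:// URL.
    return { ["Authorization"] = "Basic " .. ( mime.b64( user .. ":" .. password ) ) }
end

-- The credentials go out once, in the headers of this request. A second
-- download (or a retry) is a new request and must carry them again.
local function downloadProtected( url, filename, user, password, onDone )
    local function listener( event )
        if event.isError then
            onDone( false, "network error" )
        elseif event.phase == "ended" then
            if event.status == 200 then
                onDone( true, filename )
            elseif event.status == 401 then
                onDone( false, "credentials rejected" )
            else
                onDone( false, "HTTP " .. tostring( event.status ) )
            end
        end
    end

    local params = { headers = basicAuthHeaders( user, password ) }
    network.download( url, "GET", listener, params, filename, system.DocumentsDirectory )
end

-- Placeholder values for illustration only.
downloadProtected(
    "https://example.com/protected/levelpack1.zip",
    "levelpack1.zip",
    "placeholder-user",
    "placeholder-password",
    function( ok, info ) print( ok, info ) end
)
```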

Sorry, I fixed my problem - My own stupidity…

I’m getting a “plugin cannot be downloaded” for openssl

nvm, I got it

I noticed requiring the openssl plugin in build settings puts a small delay on simulator load time (not sure about devices). It’s less snappy when I make a change and simulator auto-reloads. 

Not a huge issue or anything but does it connect to somewhere every time simulator starts? 

From what I understand, on the sim the plugin is downloaded each time it’s run, but on devices it’s bundled into the build.

Correct, it downloads the plugin for the sim each time, so depending on your bandwidth you could feel the download.

OK thanks. I have a lot of bandwidth but I’m far away, so it’s a noticeable delay. It’s a little bit of a bummer; one of the great things about Corona is that you can see your changes instantly in the simulator.

The simulator implementation of the plugin should only be redownloaded if there is a change to it on our side after you get it initially. That said the simulator does reach out and check that it has the most recent version on each launch (afaik).

Good to know, since my internet is limited.

Sorry don’t have an answer to this, but am interested in the topic.  Unfortunately from what I’ve seen so far, Corona lacks some really important security features.

For example they released a Zip plugin which is awesome, but it does not support password protection… after spending literally over a year on my current app, I am sad that I cannot protect my assets that need to be downloaded.

We desperately need some security, even just basic encrypt decrypt. 

Please vote: http://feedback.coronalabs.com/forums/188732-corona-sdk-feature-requests-feedback/suggestions/3899237-encrypt-binary-builds-and-files-in-system-document

Done and done.  After reading that voting post I just realized how scary it really is that we have no encryption.  I use the ICE library to save and load values in my app.  I use this to save whether or not a user has purchased certain pieces of in app content.  

A user could just open their file explorer and edit the saved ICE data to unlock content couldn’t they?!

Can’t you use the OpenSSL plugin for this?

@Rob, I’m not sure I understand well enough what OpenSSL does. I was just reading the documentation, sounds like it wraps an unsecure connection and encrypts it?

I’m not sure that this would be helpful in protecting our app assets seeing as we are talking about after the app or content has been downloaded, a user could then access it on device and manipulate it?