Yes, PULL only for the client.
I did look at the HTTPS, and did note that it failed. I took a look at the droplet, but this is somewhat out of my league.I’ll look forward to seeing a solution for that one 
A great job!
Hi,
I’ve added the instructions on enabling HTTPS to the this forum as a separate post.
Let me know if you have any issues.
-dev
-
I would suggest using HTTPS connections only.
-
If further security is required, the data can be obfuscated before sending and after retrieving using:
https://roaminggamer.github.io/RGDocs/pages/SSK2/libraries/security/
(This is a basic substitution-cipher encode/decode module).
- OR -
One can use one of the libraries provided w/ Corona (or plugins) to encrypt/decrypt data. However, once you do this, you need to mark your app as using encryption tech. My substitution-cipher module is the middle ground since it isn’t technically encryption.
Hi,
+1 to everything @roaminggamer noted.
Additionally, every SkyTable request is “signed” making it nearly impossible to recreate the request.
-dev
I current use Coronium to upload and download JSON files. Does SkyTable allow for data or just numbers and strings?
thanks,
Jonathan
Curious, can I use SSK to obfuscate my data and then use SSK to obfuscate the key for the original obfuscation? In other words, if I make a chain of keys, each obscured by your substitution-cipher module, would I be doing anything substantial or just making myself feel better?
You can embed the key in your code to make it harder to find. Then use the key to encode when uploading and decode when downloading.
I give an example of generating a key for embedding on the page linked above, but here is a direct link to the section:
https://roaminggamer.github.io/RGDocs/pages/SSK2/libraries/security/#embedding-a-key
Tip: Where you store your key is going to be a similar problem regardless of whether you use my module or another solution.
PS - You can also save/restore key to/from file, but I’m not talking about this above.
As far as encoding a key with a different cipher. Probably just a waste of time.
-Ed
@roaminggamer What about saving the key to your keychain using the new Keychain plugin? Your key would then be secure in a format native to your device so it would avoid tagging your app as an encrypted data user.
As long as you don’t lose the original key it should be fine. However, if you lose the key, you will out of luck for decrypting.
You could generate a key at run time
Save it on the keychain.
Use that key forever after.