Improve Flutter Application Security. Securing Your Flutter App. Flutter package dotenv.

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hi everyone welcome back to my channel I am back again with another important interview questions which is app security one of the important features when it comes to app Security in several interviews you'll be asked directly about the security like how can you secure your application how can you secure your API key how can you secure your GWT token and all so in this video we will talk about that so stay with us we'll meet you right after this [Music] intro we as a developer generally hard code the API key into our source code we should not have to do like that so what's the solution developer should use the concept of environment variable for reading the value of API key into the project let's move towards dotpad and if you will see inside Main I'm using a string and passing the key into it so this is the general thing which as a software developer we used to do which is not correct how harmful is this I'll tell you after writing the code developer used to push the code to the git server now everybody in the world knows what your actual API key are even if your GitHub repo is private still it is accessible to all of your organization member or everybody who has access to that repo and if it is hacked then we are in a big trouble so always keep your API secure so how can we secure our API key good way of fixing this would be to utilize a package that allows us to load environment variables from the environment that we Define in our system and then we can reference it within our source code there is a package in flutter named flutter. EnV what actually this package does it allows you to create uh EnV file within the source code of the flutter application and Define all the environment variables there now if someone needs to now if someone needs to access your API Keys then you can give it to them by just telling them so now I will show you how to use this flutter. EnV package to store API key in our source code so I have installed the package flutter. EnV and along with that in your root directory you will have to create a file EnV so this is the file EnV and and here you will have to Define your all important Keys like I have declared some of the dummy Keys here client ID Google API key you can add your keys here and again inside this proect yaml you will have to add the path of this file the same as we used to do for assets and any fonts if we are taking so EnV you will have to also add the path and one more thing inside this git ignore file you will have to add this EnV file here so here I'm creating a class endpoints and I'm calling this client ID from EnV file this is the EnV file and I'm calling client ID so for that I will have to copy this and I will use this as a key so inside this EnV do EnV and inside this string I will have to use the same client ID text now how to get this value so for that you will have to make some changes inside main function a wait env. load inside this file name and file name would be NV this is the file name that we have created semicolon and where I want to use the the value of client ID inside this login screen I just want to show the client ID so inside this Center and as a text value I'm using this so endpoint do client ID so now let me run the application so this is the value this is the client ID now I will fetch Google API key from here and I am creating a string out of this class you can fetch the value like this also now I will have to copy [Music] this now inside this login screen I'll use directly Google API key with exclamation because it is nullable and when I will run the application here you can see that this is the API key so as a developer what we do with the API suppose stat string This is My URL like https this is my domain me spell it and I'll create here another end point which is home data suppose this is the endpoint home data for fetching the data of home screen so here domain plus home data and along with that I want to use this client ID this is the client ID now suppose this is the complete AP I now instead of this endpoint dot endpoint dot home data create this static we can fetch data like this also now if someone needs access to your API key then you can give it to them by just telling them what those API keys are so there are some different things when it comes to encryption how can we we encrypt the information that user generates from application on their devices so that it has to be decrypted in order to be useful and what are the reasons we might have to do this as an example login screen where user needs to input username and password and when hits the submit button or login button in response there is JWT token which as a developer we need to store in our local storage so that user will not have to login again and again next time when user will come he will directly redirect to home screen the basic thing as a developer we want to do is actually encrypt this information so that it would become difficult to decrypt to other users there are actually two package for that so if if you will go inside Pub Dev so there is one package named Hive so as you can see here lightweight and blazing fast key value database written in pure dot so if there are more number of keys that you want to store then you can use Hive otherwise there is also another package which is flutter Secure Storage this one flutter Secure Storage provides API to store data in Secure Storage keychain I'll made separate video for Hive and flutter secure storage so for that please subscribe to my channel and if you find something informative with this video please hit the thumbs up button and that's it in this video hope to see you next time in our next video bye for now

Info

Channel: thecodeme

Views: 383

Rating: undefined out of 5

Keywords: FlutterSecurity, AppSecurity, APIsecurity, EnvironmentVariables, DotenvPackage, SecureFlutterApps, FlutterDevelopment, SecureCoding, DataProtection, CyberSecurity, CodeSecurity, SecureApps, PrivacyProtection, AppDevelopment, FlutterTips, DeveloperCommunity, TechSecurity, DigitalPrivacy, flutter tutorial, flutter app development, dart language, easy UI with flutter, learn with flutter, make app with flutter, package of the week flutter, flutter package of the week, flutter user interface

Id: XimVPYF0VAk

Channel Id: undefined

Length: 11min 12sec (672 seconds)

Published: Thu Feb 08 2024