This repository has been archived by the owner on Apr 15, 2020. It is now read-only.
Fix vulnerabilities and refactoring #160
Open: hluhovskyi wants to merge 4 commits into omadahealth:master from hluhovskyi:master
…rsion. Refactoring
…odeDataStorage in separate module.
hluhovskyi force-pushed the master branch 3 times, most recently from 0095350 to f928337, October 26, 2017 15:14
So, is there any chance that the PR will be merged? Cause for my project it is critical. Please leave some comments and I will be glad to help with any changes or improvements related to this PR.
Can't take grade changes. It's what we use with local maven repo to test
…On Oct 29, 2017 1:32 PM, "Artem Glugovsky" ***@***.***> wrote:
So, is there any chance that PR will be merged? Cause for my project it is
critical. Please, left some comments and I will be glad to help with any
changes or improvements related to this PR.
--
This email may contain material that is confidential and/or privileged for
the sole use of the intended recipient. Any review, reliance, or
distribution by others or forwarding without express permission is strictly
prohibited. If you are not the intended recipient, please contact the
sender and delete all copies. Also note that email is not an appropriate
way to send protected health information to Omada Health employees. Please
use your discretion when responding to this email.
Gradle*
…On Oct 29, 2017 6:41 PM, "Dae Park" ***@***.***> wrote:
Can't take grade changes. It's what we use with local maven repo to test
The main purpose of this PR is to fix a few vulnerabilities.
Because the password is stored in shared preferences and the passcode algorithm is well known (the library is open source), it is possible to create a hash of one's own passcode and put it in place of the original one on rooted devices. The attacker can then enter his passcode and get the secured data.
Example:
<string name="PASSCODE_KEY" value="xxxx">
Fix performed – split storage from AppLock. It gives the ability to implement your own secured storage and use it instead of the default shared preferences. The PR also provides a Realm implementation of the storage, which will be useful for developers who already use Realm in their project.
The second one is the ability to enter the passcode an infinite number of times. This is because the count of attempts isn't stored anywhere.
Condition: there are 5 attempts to enter the correct password. If the user enters an incorrect passcode on all attempts, he is logged out of the application.
Example:
Fix performed – store attempts count in storage.
Also this PR contains slight refactoring and dependency version updates.
Changes:
Ready for discussion.
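
The two fixes described above (storage split from the lock, and a persisted attempt count) sketched as an added example; this is not code from the PR or the library. `PasscodeStorage`, `MemoryStorage`, `Lock` and the SHA-256 hash are hypothetical names and choices, and the in-memory storage is a constructed stand-in for whatever protected store an app plugs in.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class PersistedAttemptsDemo {
    /** Hypothetical storage abstraction; a real app backs it with a protected store. */
    interface PasscodeStorage {
        byte[] readHash();
        int readFailedAttempts();
        void writeFailedAttempts(int count);
    }

    /** Constructed stand-in for persistent storage: it outlives any Lock instance. */
    static final class MemoryStorage implements PasscodeStorage {
        private final byte[] hash;
        private int failedAttempts;
        MemoryStorage(byte[] hash) { this.hash = hash; }
        public byte[] readHash() { return hash; }
        public int readFailedAttempts() { return failedAttempts; }
        public void writeFailedAttempts(int count) { failedAttempts = count; }
    }

    enum Result { UNLOCKED, WRONG, LOGGED_OUT }

    static final class Lock {
        static final int MAX_ATTEMPTS = 5; // limit stated in the PR description
        private final PasscodeStorage storage;
        Lock(PasscodeStorage storage) { this.storage = storage; }

        Result tryUnlock(String passcode) throws NoSuchAlgorithmException {
            // The count is read from storage, so a fresh Lock cannot reset it.
            if (storage.readFailedAttempts() >= MAX_ATTEMPTS) return Result.LOGGED_OUT;
            // Constant-time comparison of the candidate hash with the stored one.
            if (MessageDigest.isEqual(hash(passcode), storage.readHash())) {
                storage.writeFailedAttempts(0);
                return Result.UNLOCKED;
            }
            int failed = storage.readFailedAttempts() + 1;
            storage.writeFailedAttempts(failed); // persist before reporting the failure
            return failed >= MAX_ATTEMPTS ? Result.LOGGED_OUT : Result.WRONG;
        }
    }

    static byte[] hash(String passcode) throws NoSuchAlgorithmException {
        // Plain SHA-256 keeps the demo short; it is not the library's scheme.
        return MessageDigest.getInstance("SHA-256").digest(passcode.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        PasscodeStorage storage = new MemoryStorage(hash("4821")); // constructed passcode
        for (int i = 0; i < 3; i++) new Lock(storage).tryUnlock("0000");
        Lock afterRestart = new Lock(storage); // new instance models an app restart
        for (String p : new String[] {"0000", "0000", "4821"})
            System.out.println(afterRestart.tryUnlock(p));
    }
}
```

The three failures before the simulated restart still count afterwards, so the fifth wrong entry logs the user out and the correct passcode is refused from then on.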