How do you make your online database secure?

How should I set the API key, secret code and similar in the app?

In the specific design section of the component?

In the blocks section?

If it’s written in the app’s code, can’t a hacker find it by opening and looking at the apk’s code?

Hi, this issue has already been discussed more than once. You can’t save the API key in the app so that it can’t be retrieved. But you can make it more difficult to get it if you store it in encrypted form and decrypt it before using it. But here there is a second question that goes beyond the scope of this forum - and whether the hacker will be able to get the key at the time of sending it to the server?

Wow, so our online databases are potentially completely vulnerable and a hacker could just find the key and access it and change anything he wants?

How do I encrypt it? (But I feel that intercepting the signal going to the server is not hard so it’s pointless, right?)

@maxb with Firebase, you can create security rules. The device accessing Firebase requires the endpoint url and apiKey, so in theory this is public information. See this post.

As far as Airtable goes, @actech’s suggestion of encryption makes sense. I’ve never looked into Airtable security and don’t know much about it.

My theory may be incorrect on this one, but you could use a public endpoint and re-direct requests to the private endpoint. That way you hide your keys and url. An intruder could still delete data from your database, but only through your public api, which would be set as the only allowed ip.

Either way, it is best practice to have security rules in place.

I know about Firebase but I’m using Cloudinary and Airtable. If they are not hacker proof, how can we create any serious app?

I thought of that “2 factors passage”, I thought of a site that stores the secret keys and has an automation that redirects what you send towards it, but I don’t know how to program such a site, is it possible?

Airtable


This seems on par with the solution I stated previously.

Cloudinary

Can’t seem to find a lot on this (I don’t use Cloudinary), but my guess is to utilize the same solution, or check if there is an option to only publish new images to Cloudinary, and not to delete them.

I just edited my last answer, go check it if you want. Do you upload images somewhere else or you just don’t upload them?

You could create such an application using Python and host it for free on Heroku. Python being my recommendation because it’s easy to learn, has lots of Stack Overflow topics on it & works with Heroku.

There may be no-code solutions out there, again I have no idea if something like Integromat or Zapier could achieve this.

Ok thx, maybe I’ll check it but there are so many things to learn, it was easier to directly learn Java and program directly on Android!
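The relay idea raised in this thread (a small Python service that holds the Airtable key and forwards only permitted requests) is shown here as an added example, not code from any poster. The table names, field names, token store, environment variable names and the functions `plan_request` and `send` are assumptions made for illustration.

```python
import hmac
import json
import os
import urllib.request
from urllib.parse import quote

# Assumed, hypothetical setup: tables, fields and the token store below are
# constructed for this example. The real key lives only in the relay's environment.
UPSTREAM = "https://api.airtable.com/v0"
BASE_ID = os.environ.get("AIRTABLE_BASE_ID", "appPLACEHOLDER")
API_KEY = os.environ.get("AIRTABLE_API_KEY", "server-side-placeholder")
ALLOWED = {("GET", "Products"), ("POST", "Orders")}  # no DELETE or PATCH
ORDER_FIELDS = {"product_id", "quantity"}
USER_TOKENS = {"alice": "constructed-token-1"}  # per-user login tokens


def plan_request(method, table, user, token, body=None):
    """Decide whether to relay; return (status, upstream request or error)."""
    expected = USER_TOKENS.get(user)
    if expected is None or not hmac.compare_digest(expected.encode(), str(token).encode()):
        return 401, {"error": "bad credentials"}
    if (method, table) not in ALLOWED:
        return 403, {"error": "operation not allowed"}
    req = {
        "method": method,
        "url": f"{UPSTREAM}/{BASE_ID}/{quote(table, safe='')}",
        "headers": {"Authorization": f"Bearer {API_KEY}"},
        "json": None,
    }
    if method == "POST":
        fields = body.get("fields") if isinstance(body, dict) else None
        if not isinstance(fields, dict) or set(fields) != ORDER_FIELDS:
            return 400, {"error": "unexpected fields"}
        qty = fields["quantity"]
        if type(qty) is not int or not 1 <= qty <= 100:
            return 400, {"error": "bad quantity"}
        # Ownership is set by the relay from the authenticated user, never by the client.
        req["json"] = {"fields": dict(fields, ordered_by=user)}
    return 200, req


def send(req):
    """Forward an approved request to Airtable (needs network and a real key)."""
    data = json.dumps(req["json"]).encode() if req["json"] is not None else None
    headers = dict(req["headers"], **{"Content-Type": "application/json"})
    out = urllib.request.Request(req["url"], data=data, headers=headers, method=req["method"])
    with urllib.request.urlopen(out, timeout=10) as resp:
        return resp.status, json.loads(resp.read())
```

The app ships only the relay's URL and the user's own token; a token pulled out of the APK can do no more than the allow-list permits for that user.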