Small android app that gives a movie based on the chosen genre
Problem
Working on my first "big" project using the mighty Xamarin. Likewise my first venture in XAML, so I suppose most focus will be going towards these new areas. Performance- and user-experience-related remarks are welcome as well, though. Or you know, just any issue you can see.

The solution consists of 3 actively used projects (the 4th - MoviePicker.Android - doesn't contain any platform-specific code). There's the shared Xamarin.Forms project, an ASP.NET Web API 2 project and a PCL to share models between the API and the app. I will omit the PCL since it's just a few models with JSON annotations.
Web API

WebApiConfig

```csharp
using System.Web.Http;

public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        // Web API configuration and services
        // Web API routes
        config.MapHttpAttributeRoutes();
        config.Routes.MapHttpRoute(
            name: "test",
            routeTemplate: "api/{controller}/{action}/{id}",
            defaults: new { id = RouteParameter.Optional }
        );
        config.Routes.MapHttpRoute(
            name: "DefaultApi",
            routeTemplate: "api/{controller}/{id}",
            defaults: new { id = RouteParameter.Optional }
        );
    }
}
```

BaseController

```csharp
using System.Web.Http;
using TMDbLib.Client;

public class BaseController : ApiController
{
    protected const string ApiKey = "Will_Move_To_AppSettings";
    protected TMDbClient Client = new TMDbClient(ApiKey);
}
```

MovieController (the listing is cut off in the original post)

```csharp
using System.Collections;
using System.Web.Http;
using System.Web.Http.Description;

namespace MoviePickerApi.Controllers
{
    [RoutePrefix("api/movies")]
    public class MovieController : BaseController
    {
        public MovieController()
        {
            Client.GetConfig();
        }

        [Route("~/api/genres")]
        [HttpGet]
        [ResponseType(typeof(IEnumerable))]
        public IHttpActionResult GetGenres()
        {
            return Ok(Client.GetGenres());
        }

        [Route("~/api/genres/{id:int}")]
        [HttpGet]
        [ResponseType(typeof(IEnumerable))]
        public IHttpActionR
```
Solution
I'm just going to comment on one line:

```csharp
if (dbUser == null || dbUser.Password != user.Password)
```

As you confirmed, you're currently storing passwords in the clear. Encrypting passwords is not the right solution either.

Cryptographic Right Answers (2009, Colin Percival, author of scrypt)

> Password handling: As soon as you receive a password, hash it using scrypt or PBKDF2 and erase the plaintext password from memory. Do NOT store users' passwords. Do NOT hash them with MD5. Use a real key derivation algorithm. PBKDF2 is the most official standard; but scrypt is stronger. Please keep in mind that even if YOUR application isn't particularly sensitive, your users are probably re-using passwords which they have used on other, more sensitive, websites -- so if you screw up how you store your users' passwords, you might end up doing them a lot of harm.

How To Safely Store A Password (2010)

> Use bcrypt
>
> Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt.

How to securely hash passwords? (2013)

> Conclusion
>
> Use bcrypt. PBKDF2 is not bad either. If you use scrypt you will be a "slightly early adopter" with the risks that are implied by this expression; but it would be a good move for scientific progress ("crash dummy" is a very honourable profession).
Code Snippets

```csharp
if (dbUser == null || dbUser.Password != user.Password)
```

Context

StackExchange Code Review Q#61840, answer score: 5