How to privately store JSON files and retrieve with mobile app

Question

I am writing an app using PhoneGap on an AngularJS framework. With this application, I download and store files from a remote source (e.g. www.website.com/example.json). Thinking about it more, I really don't want to give people the ability to access this files publicly by just spidering my website.

My question is: what would be a simple, yet effective solution to making these files private, but still accessible by my mobile app? Maybe with some sort of key system?

Thanks!

Answer 1

You could zip the files with a password, and use a Phonegap FileTransfer and ZIP plugin to download the zip and extract it. There's a few ZIP plugins out there, and FileTransfer is part of Phonegap, and Javascript

http://docs.phonegap.com/en/3.3.0/cordova_file_file.md.html#FileTransfer https://github.com/phonegap/phonegap-plugins/tree/DEPRECATED/iOS/ExtractZipFile (deprecated - not sure where the current version is)

If the JSON files are small enough you can also encrypt them into a AES encoded string, using the Javacsript Crypto Library:

https://code.google.com/p/crypto-js/#AES

Or you can do it all, encrypt your data, ZIP it with a password, transfer over HTTPS

Answer 2

You could use htpasswd to protect the file(s) and then use jquery ajax to send the credentials.

Example:

var endpoint = 'http://user:password@my.domain.com/file/path/file.ext';

$.ajax({
    url: endpoint,
    type: 'GET',
    async: false,
    username: 'user',
    password: 'password',
    success: function(result, status, xhr) {
        //something if it works
    },
    error() {
        //something if it doesn't work
    }
});