Tuesday, 15 December 2015

Best and most secure way to store data in SQLite on iOS

This is more of a design question than anything else.

I have an app that I am starting to migrate to have an offline mode. I am using SQLite with the GRDB wrapper. Each time a user authenticates, I download a set of user profile data, i.e. user ID, date added, access level, profile image URL, settings etc. I then store this information in a local SQLite table which matches the structure of the MySQL online version.

I am also storing an auth token and password in the keychain and using these for all communications to the server (no user ID) after authentication.

My question is: once a user logs out, should I drop the existing tables in SQLite, thereby clearing all of the previous user's data, and start clean for the current user?

My concern is about the security of the information from the previous user being available if, say, user1 logged in to the app on a friend's phone. Without clearing the information upon logout, would this data be available to the new user? Obviously not through the app itself, but through some other form of viewing the SQLite information.

All sensitive information, i.e. passwords etc., is stored in the keychain.

I realise this could be an opinion-based question, but that's what I am looking for: just some opinions on what you think COULD work best.

Thanks
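The concern about a previous user's rows staying readable through some other way of viewing the SQLite file can be checked directly. The following is an added example, not part of the original post: it uses Python's built-in `sqlite3` module rather than GRDB (the on-disk behaviour belongs to SQLite itself), and the table layout, marker value and function names are constructed for illustration.

```python
import os
import sqlite3
import tempfile

MARKER = b"user1-profile-CONSTRUCTED-SAMPLE"  # constructed sample value

def logout_by_drop(path, secure_delete):
    """Store one profile row, then DROP the table as a logout step."""
    con = sqlite3.connect(path)
    # Set explicitly: some SQLite builds default secure_delete to ON.
    con.execute("PRAGMA secure_delete = " + ("ON" if secure_delete else "OFF"))
    con.execute("CREATE TABLE profile (user_id INTEGER PRIMARY KEY, image_url TEXT)")
    con.execute("INSERT INTO profile VALUES (1, ?)", (MARKER.decode(),))
    con.commit()
    con.execute("DROP TABLE profile")
    con.commit()
    con.close()

def marker_in_file(path):
    """True if the old row's bytes can still be read from the raw file."""
    with open(path, "rb") as f:
        return MARKER in f.read()

def logout_by_file_removal(path):
    """Remove the database and the sidecar files SQLite may create."""
    for suffix in ("", "-wal", "-shm", "-journal"):
        try:
            os.remove(path + suffix)
        except FileNotFoundError:
            pass

def demo():
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, secure in (("drop_only", False), ("drop_secure_delete", True)):
            path = os.path.join(d, name + ".sqlite")
            logout_by_drop(path, secure)
            results[name] = marker_in_file(path)
        path = os.path.join(d, "removed.sqlite")
        logout_by_drop(path, False)
        logout_by_file_removal(path)
        results["file_still_exists"] = os.path.exists(path)
    return results

if __name__ == "__main__":
    print(demo())
```

With `secure_delete` off, the dropped table's page goes onto the freelist with its row bytes intact, so the SQL layer shows nothing while a raw read of the file still finds the marker.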
