There’s a sync_metadata.realm file in our app directory that isn’t encrypted. An attacker with access the file system could compromise a user’s session credentials from an unencrypted Realm metadata file. I’m trying to figure out how I can encrypt this file. Are there any api’s available to help me do this or would something like this need to be done by Realm with an sdk update or something?
Thanks
I think I figured it out. Found this: Add ability to encrypt metadata · Issue #4054 · realm/realm-java · GitHub
I guess I can use the encryption key for the AppConfiguration object. I’m planning on using the same encryption key used with other realms.
Anyone know if there’s any backwards compatibility issues here if I start to encrypt the metadata?
To answer my question again, there doesn’t seem to be any backwards compatibility issues. The file gets encrypted if the app is getting updated with the metadata encryption change and there’s no unencrypted file left hanging around.
This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.