|
|
|
|
|
|
by roc
5477 days ago
|
|
|
I would think encrypting the third-party tokens with the user's password would be a decent start. When the user's password is verified, it could be used to unlock those tokens and store them in the active session structure in RAM. There'd still be some exposure, particularly in the case of being rooted, but an attacker couldn't just dump the database. |
|
|