Quote:
|
Originally Posted by BBM_
Just a quick question from a security point of view (apologies, I have not had a chance to test the module yet)
Will users have the same login info as the full site ( I assume they would ) and are these passwords able to be stored on the device in an encrypted / non readable format?
Just looking to migrate risks of potential lost devices with admin access.
Many thanks for the clarification.
|
It is impossible to get the users passwords from the mobile device somehow just because the device doesn't receive, save or cache user passwords from the x-cart server.
In the same time the authorization process doesn't require admin's email and/or password too. Instead of it the App uses a secret key. The key must be generated by the admin at backend and stored in the app's settings. In case if the device has been lost or stollen the admin should generate new access key asap.