security

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Chinese

AES-256-GCM: Use Authenticated Encryption for all sensitive storage.
Secret Storage: Mandatory use of
```
flutter_secure_storage
```
for encryption keys and master-derived keys.
Key Derivation: Mandate NIST-approved hashing (Argon2id) for master password derivation before local storage encryption and export.
Memory Safety: Strictly clear sensitive variables (passwords, keys) from memory when the operation finishes or the app enters the background.
Clipboard Safety: Mandate programmatic clearing of sensitive data (OTPs, Passwords) after a short duration (30-60s).
Biometric Gate: Mandatory local authentication for any view, export, or destructive action.
Audit Log: All security-sensitive actions should be logged via
```
AppLogger
```
(excluding raw secrets).

Input Validation: Validate and sanitize all user-facing input fields before processing or storage.
HTTPS Only: All API communication MUST use HTTPS. Consider certificate pinning for sensitive applications.
Token Storage: STRICTLY prohibit storing tokens, API keys, or credentials in source code or public repositories. Use
```
flutter_secure_storage
```
or environment-based injection.

输入校验：所有面向用户的输入字段在处理或存储前都必须经过校验和清理。
仅HTTPS：所有API通信必须使用HTTPS。敏感应用可考虑证书绑定。
令牌存储：严格禁止在源代码或公共仓库中存储令牌、API密钥或凭证。请使用
```
flutter_secure_storage
```
或基于环境变量的注入方式。