
What's the safest way to create an 'always logged in' iOS app?

I'm writing code where the user signs up for an account with an e-mail+password. I would like to have login credentials stored in the iOS app, and then used for all remote actions the user makes (create order, update account info, etc.).

Is it safe to store the password in the iOS keychain using PDKeychainBindings and then send the user/pass over HTTPS for every request to the servers?

Is there a better/safer way?

There are two ways:

1) You can use Keychain: http://developer.apple.com/library/ios/#documentation/Security/Conceptual/keychainServConcepts/iPhoneTasks/iPhoneTasks.html

Example:

// Initializing (KeychainItemWrapper is the helper class from Apple's sample code)
KeychainItemWrapper *keychainItem = [[KeychainItemWrapper alloc] initWithIdentifier:@"YourAppLogin" accessGroup:nil];
// Saving (the __bridge casts are required when compiling with ARC)
[keychainItem setObject:@"password you are saving" forKey:(__bridge id)kSecValueData];
[keychainItem setObject:@"username you are saving" forKey:(__bridge id)kSecAttrAccount];
// Getting
NSString *password = [keychainItem objectForKey:(__bridge id)kSecValueData];
NSString *username = [keychainItem objectForKey:(__bridge id)kSecAttrAccount];
// Deleting
[keychainItem resetKeychainItem];

2) You can use NSUserDefaults

// Saving (setObject:forKey: returns void, so there is nothing to assign)
NSUserDefaults *prefs = [NSUserDefaults standardUserDefaults];
[prefs setObject:@"yourpassword" forKey:@"password"];
[prefs setObject:@"username" forKey:@"username"];
[prefs synchronize];
// Getting
NSString *pword = [prefs objectForKey:@"password"];
NSString *username = [prefs objectForKey:@"username"];

Method 1 is more secure than method 2. You can make method 2 more secure by encrypting your password and username.

Hope this helps..

The safest way is not saving the password. Usually, when first connecting, you exchange the username & password for a permanent authorization token.

You then save this token into the keychain and all other server requests are authorized only by the token. You ask the user to enter the password again only if the token becomes invalid. (It's permanent, so it shouldn't expire, but it can be invalidated by the server.)
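
The token-only flow described in the last answer, as an added example that is not part of the original question or answers. It calls the Security framework directly; the service name, the function names and the Bearer header scheme are assumptions chosen for illustration.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical service name; any stable string unique to the app works.
static NSString *const kTokenService = @"com.example.app.authtoken";

static NSMutableDictionary *TokenQuery(void) {
    return [@{ (__bridge id)kSecClass:       (__bridge id)kSecClassGenericPassword,
               (__bridge id)kSecAttrService: kTokenService } mutableCopy];
}

// Store (or replace) the server-issued token. The password itself is never written.
BOOL SaveToken(NSString *token) {
    NSMutableDictionary *item = TokenQuery();
    SecItemDelete((__bridge CFDictionaryRef)item);            // drop any stale token
    item[(__bridge id)kSecValueData] = [token dataUsingEncoding:NSUTF8StringEncoding];
    // Readable after first unlock (so background requests work) and never
    // restored onto a different device from a backup.
    item[(__bridge id)kSecAttrAccessible] =
        (__bridge id)kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly;
    return SecItemAdd((__bridge CFDictionaryRef)item, NULL) == errSecSuccess;
}

// Returns nil when no token is stored, i.e. the user has to log in.
NSString *LoadToken(void) {
    NSMutableDictionary *query = TokenQuery();
    query[(__bridge id)kSecReturnData] = @YES;
    query[(__bridge id)kSecMatchLimit] = (__bridge id)kSecMatchLimitOne;
    CFTypeRef result = NULL;
    if (SecItemCopyMatching((__bridge CFDictionaryRef)query, &result) != errSecSuccess) {
        return nil;
    }
    NSData *data = (__bridge_transfer NSData *)result;
    return [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
}

// Call when the server answers 401: the token was invalidated server-side.
void ForgetToken(void) {
    SecItemDelete((__bridge CFDictionaryRef)TokenQuery());
}

// Attach the token to a request; the Bearer scheme is an assumption about the server.
NSMutableURLRequest *AuthorizedRequest(NSURL *url) {
    NSString *token = LoadToken();
    if (token == nil) return nil;                             // caller shows the login screen
    NSMutableURLRequest *req = [NSMutableURLRequest requestWithURL:url];
    [req setValue:[@"Bearer " stringByAppendingString:token]
        forHTTPHeaderField:@"Authorization"];
    return req;
}
```

The password is sent once, at login, and only the revocable token ever reaches the keychain; on a 401 the app calls ForgetToken() and prompts for credentials again.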

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

 