1

My problem is : 1. I am developing an iPhone application i have proceded like this : the user authentication, with a user name and a password ( after a verification with web services), my question is how it is stored the username and the password in my application. are there secured or did i proced to implement a secure mechanism ?

thanks for your answer

Kshitiz Ghimire
  • 1,716
  • 3
  • 18
  • 37
izan
  • 727
  • 2
  • 11
  • 22

3 Answers3

6

I am using SFHFKeychainUtils. It uses apple's Security Framework. It's easy to use, to save a Username and Password:

[SFHFKeychainUtils storeUsername:userNameString andPassword:passwordString forServiceName:@"YourServiceName" updateExisting:TRUE error:&error];

and to retrieve the encrypted password for a Username

[SFHFKeychainUtils getPasswordForUsername:userNameString andServiceName:@"YourServiceName" error:&error];
Pascalius
  • 14,024
  • 4
  • 40
  • 38
2

Use the Keychain : Keychain iphone

Community
  • 1
  • 1
Michaël
  • 6,676
  • 3
  • 36
  • 55
-2

Saving:

NSUserDefaults *userNamePrefs = [NSUserDefaults standardUserDefaults];
NSUserDefaults *passwordPrefs = [NSUserDefaults standardUserDefaults];

[userNamePrefs setObject:@"username" forKey:@"username"];
[passwordPrefs setObject:@"password" forKey:@"password"];

Retrieving

NSUserDefaults *userNamePrefs = [NSUserDefaults standardUserDefaults];
NSUserDefaults *passwordPrefs = [NSUserDefaults standardUserDefaults];

NSString *savedUsername = [prefs stringForKey:@"username"];
NSString *savedPassword = [prefs stringForKey:@"username"];

what else UITextbox User enter just match the string like

if ((usernameTextBox.Text isEqualToString(savedUsername)) && (passwordTextBox.Text isEqualToString(savedPassword)) ){
    // pass authentication
}
else{
  // show alert view fail authetication
}
Appz Venture
  • 939
  • 1
  • 13
  • 28
  • 5
    You save the password as plain text in the user defaults?! I really really hope that I have and will never ever use an app from you – JustSid Mar 21 '11 at 11:45
  • 1
    no i just recommend, its mean not that u forcefully use that. i just have a optional advice infact me to use SFHFKeychainUtils in my apps for security purpose... Its just easy thats why, sorry if u mind – Appz Venture Mar 21 '11 at 11:55