My problem is :
1. I am developing an iPhone application i have proceded like this :
the user authentication, with a user name and a password ( after a verification with web services), my question is how it is stored the username and the password in my application. are there secured or did i proced to implement a secure mechanism ?
thanks for your answer
I am using SFHFKeychainUtils. It uses apple's Security Framework.
It's easy to use, to save a Username and Password:
[SFHFKeychainUtils storeUsername:userNameString andPassword:passwordString forServiceName:#"YourServiceName" updateExisting:TRUE error:&error];
and to retrieve the encrypted password for a Username
[SFHFKeychainUtils getPasswordForUsername:userNameString andServiceName:#"YourServiceName" error:&error];
Use the Keychain : Keychain iphone
Saving:
NSUserDefaults *userNamePrefs = [NSUserDefaults standardUserDefaults];
NSUserDefaults *passwordPrefs = [NSUserDefaults standardUserDefaults];
[userNamePrefs setObject:#"username" forKey:#"username"];
[passwordPrefs setObject:#"password" forKey:#"password"];
Retrieving
NSUserDefaults *userNamePrefs = [NSUserDefaults standardUserDefaults];
NSUserDefaults *passwordPrefs = [NSUserDefaults standardUserDefaults];
NSString *savedUsername = [prefs stringForKey:#"username"];
NSString *savedPassword = [prefs stringForKey:#"username"];
what else UITextbox User enter just match the string like
if ((usernameTextBox.Text isEqualToString(savedUsername)) && (passwordTextBox.Text isEqualToString(savedPassword)) ){
// pass authentication
}
else{
// show alert view fail authetication
}
Related
During the login request, password get stored. After this request I'm setting the password string with an empty character.
Does it really store in memory, if it does how would I check? And how do I wipe that off.
I'm already using ARC in my App.
//Stroe user information
NSUserDefaults *prefs = [NSUserDefaults standardUserDefaults];
[prefs setObject:#"Moses" forKey:#"username"];
[prefs setInteger:42 forKey:#"age"];
[prefs synchronize];
//Getting the stored information
NSUserDefaults *prefs = [NSUserDefaults standardUserDefaults];
NSString *username = [prefs stringForKey:#"username"];
NSInteger age = [prefs integerForKey:#"age"];
Storing a password in NSUserDefaults is insecure, since anyone who get access to the iPhone, can view the password.
you can check the string is empty..via
if([yourString isEqualToString:#""]){
NSLog(#"empty string");
}
I have a login view controller that uses the php/mysql/POST function to verify if a user is authorized. Once authorized, they enter the application.
My question is, once they are in the application, how do I "grab" their username and use it to append to any data that they upload to my database while they are in my app?
I am assuming I append it to my current NSMutableData string that carries the text blocks that they upload, but how would I "grab" this username to append it?
Assuming I have two view controllers, "login" and "main", and the content is being uploaded on "main", how do I pass the username from the "login" view to the "main" view so that I can append it when the user hits the upload button (which resides on the main view)?
EDIT: Where I want this username retrieved is in the following:
-(IBAction)uploadImage:(id)sender {
NSLog(#"uploadImage");
//and for retrieval
NSUserDefaults *defaults = [NSUserDefaults standardUserDefaults];
NSString *authenticatedUsersName = [defaults objectForKey:#"username"];
NSMutableString *postString = [NSMutableString stringWithString:kPostURL];
[postString appendString:[NSString stringWithFormat:#"&%#=%#", kText, textField.text]];
[postString setString:[postString stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding]];
If you're not concerned with security of a username, why don't you store the username in NSUserDefaults upon successful authentication? You can do something like this....
//upon authentication...
NSUserDefault *defaults = [NSUserDefaults standardUserDefaults];
if ([defaults objectForKey:#"username"] == nil) //we haven't saved anything yet
[defaults setObject:authenticatedUsersName forKey:#"username"];
[defaults synchronize]; //saves the new defaults
//and for retrieval
NSUserDefaults *defaults = [NSUserDefaults standardUserDefaults];
NSString *authenticatedUsersName = [defaults objectForKey:#"username"];
I think this design gives you more flexibility so you can use the username across all view controllers in your app.
post re-edit
Why can't you just format the string somewhere in this function? Whats the exact post url format?
-(IBAction)uploadImage:(id)sender {
NSLog(#"uploadImage");
//and for retrieval
NSUserDefaults *defaults = [NSUserDefaults standardUserDefaults];
NSString *authenticatedUsersName = [defaults objectForKey:#"username"];
//MY CHANGES, CAN YOU DO EITHER OF THESE?
NSMutableString *postString = [NSMutableString stringWithString:[NSString stringWithFormat:#"%#-%#", kPostURL, authenticatedUsersName];
[postString appendString:[NSString stringWithFormat:#"&%#=%#&%#", kText, textField.text, authenticatedUsersName]];
[postString setString:[postString stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding]];
}
An alternative method of having globally available variables is to use a singleton class.
This is slightly more difficult than Convolution's solution using NSUserDefaults, but it suits some use cases better.
There is a good tutorial at the following location:
http://www.galloway.me.uk/tutorials/singleton-classes/
At the start of my application i make my users to register first then take them to login View.I want to save the successfully registered users and let them get to the loginView instead of Register View.
How can i do this.As far i know iphone is registered as one user.Tell me what is the best way.And how to keep the user data and redirect to login view for a user?
Thanks
You can use NSUserDefaults to save user data such as login info.
Take a look at this tutorial and the reference
In Short, you would do something like:
Saving after registration:
NSUserDefaults *prefs = [NSUserDefaults standardUserDefaults];
[prefs setObject:#"UserName" forKey:#"UserName"];
[prefs setObject:#"Pass" forKey:#"Pass"];
// This is suggested to synch prefs, but is not needed
[prefs synchronize];
Retrieving on app start:
NSUserDefaults *prefs = [NSUserDefaults standardUserDefaults];
NSString *userName = [prefs stringForKey:#"UserName"];
NSString *pass = [prefs stringForKey:#"Pass"];
I want to introduce a cache policy in my app.
Basically I have made a web view in which I have the functionality that when I open up that I'll have to login ,
I want to store that data in the cache now ..
like Facebook app .. when I delete that app from the background and open it again .. i dont have to add all the detail again.
how to do this ?
Did you try NSUserDefaults
NSString *value = #"MyUsername#domain";
NSUserDefaults *userPreferences = [NSUserDefaults standardUserDefaults];
[userPreferences setObject:value forKey:#"username"];
To fetch from UserDefaults -
NSString *_value= [[NSUserDefaults standardUserDefaults] stringForKey:#"username"];
How to do I create a web/server session by accessing the web server from ios / iphone.
I have a app where I ask user for a username and password and using that information I want to login to a website using UIWebView and access the necessary information. Greatly aprreciate if you can answer my question.
NSUserDefaults *prefs = [NSUserDefaults standardUserDefaults];
NSString *userType = [[loginArray valueForKey:#"Home"] valueForKey:#"userlogin_type"];
NSString *userLoginID = [[loginArray valueForKey:#"Home"] valueForKey:#"userlogin_id"];
NSString *userPwd = [[loginArray valueForKey:#"Home"] valueForKey:#"userlogin_password"];
//[prefs setObject:userPwd forKey:#"new_user_pwd"];
[prefs setObject:userType forKey:#"userType"];
[prefs setObject:userLoginID forKey:#"userLoginID"];
[prefs synchronize];//important this line
by using this u can maintain the session by verify this objects.
if u use the facebook sdk then
use
if(facbookObj.isSessionValid){
//session valid
}