I have no idea how to store username and password details so that the user does not have to login everytime for the iPhone app.
Can anyone lead me in the right direction? I can't seem to find what to do.
Thanks!
You should be using the Keychain API. It will encrypt the data (not hash, as if you have to send it a the server, then the hash wouldn't be any use).
It's a bit of a pain, so take a look at some of sample code and 3rd-party wrappers available on the internet.
You can use Core Data or SQLite or any other storage (XML, JSON), since there are no cookies in iPhone.
Core Data
http://developer.apple.com/iphone/library/documentation/DataManagement/Conceptual/iPhoneCoreData01/Introduction/Introduction.html
SQLite
http://dblog.com.au/iphone-development-tutorials/iphone-sdk-tutorial-reading-data-from-a-sqlite-database/
Also remember to hash the password you should use MD5 at least.
Related
I would like to know, how much amount of data can be stored inside the iOS key-chain?
When refer online, i can see the urls which talks about storing username and password. not storing the db inside.
Please let me know, can we store db inside the keychain?
how to store the db more securely.
Help me up
No, it's not intended as a general-purpose secure datastore.
From the iOS App Programming Guide (emphasis mine):
Keychain Data
A keychain is a secure, encrypted container for passwords and other secrets. The keychain is intended for storing small amounts of sensitive data that are specific to your app. It is not intended as a general-purpose mechanism for encrypting and storing data.
What you probably could do is store the data in more conventional places, and secure the decryption key in the keychain.
i'm developing an iPhone app for the first time. I know that username and password commonly stored in KeyChain. How about data like FirstName, ProfilePictureUrl, I got the data from a rest api. Since those data (firstname...) barely changed, i'm thinking to store it somewhere locally. SHould I use KeyChain as well? or SQLLite? XML?
thanks
you can use sqlite to store them in a local database. or NSUserDefault if you are not expecting massive data.
the simplest solution would be to store them in a .plist file
an example tutorial can be found here: http://ipgames.wordpress.com/tutorials/writeread-data-to-plist-file/
If I have a password variable that is used for remote SSL authentication, is it secure to store in the source code?
e.g.
NSString * password = #"password";
Are there better way?
Update: Sorry for confusion, I am not storing the user password, instead, I am storing a password that is used to call our own backend, all the app will use the same password.
My new answer:
Try not to use static passwords to access the back-end, period. What happens if somebody you don't want determines what that password is. Why not use usernames & passwords?
You can also consider using a public key or embedded certificate to allow only your app access to the back end servers.
My original answer:
Sounds like you want to get to know the Keychain.
Here's a tutorial that talks about it:
http://maniacdev.com/2011/07/tutorial-how-to-use-the-ios-keychain-to-store-names-and-passwords/
And here is a related question that talks about the security of Keychain under iOS.
You shouldn't have programs a store static password for all users, but instead have each user set up his/her account & password for authentication and then store that stuff in the keychain.
Any text contained within your application is easily extractable. There's no real way around this - using the strings tool, anyone can see any and all text content statically embedded into your app. However, there are some ways around this - notably, if you split up your string into several static strings and concatenate in the right order, it will be much more difficult to reverse engineer the password contained in your app.
I recommend you take a look at a similar question (How Safe is Information Contained within iPhone App Compiled Code), and specifically, my answer to that question, for a more in-depth explanation of what I mean. (Nimrod's comment on that question is also interesting.)
NO!
build your app. Go to the terminal and type strings and then drag your executable to terminal and press return... You'll see your secret password in plain text :)
You should store its hash.
i am able to create sqlite database using firefox addon and use database in iPhone. Now I want to give the the password to database and used it in my iPhone application. i tried a lot on google to search the proper way yo create password protected database but still no success.
anybody have idea that how can create the password protected sqlite database and how can we use it in iPhone
Try SQLiteEncrypt.The SQLiteEncrypt is an AES encryption embedded SQLite database engine through which you can encrypt and decrypt your SQLite database file. When set a password key into your database file, content is no longer stored in cleartext, so that we achieve the purpose of data protection.
But it is not free.
Note: But IT is not for iOS (thanks brad to pointed it out).
*Edit***
For iPhone you can use SQLCIPHER which is an open source full database encryption for sqlite.
Unfortunately, there is no free solution for doing that.
There are some commercial applications, which allows sqlite database encryption.
Also, there is virtual filesystem support in SQLite, where you can change calls which reads/writes data to SQLite database, however that will require some coding.
I need to implement data encryption in my app locally, as well as transfer data over the network, after encrypting it.
Can anyone help me by guiding me to good documentation or resources to acheive this? I have looked upon Apple's cryptoClient application but it's too cryptic(contains Bonjour sharing etc. which I don't need).
Use ZipArchive to encrypt the files (check the documentation, there is a way to zip the data with a password) and since you are gonna transfer the data over the network you should make it as small as possible by zipping it.
This is a great tutorial on using ZipArchive:
http://icodeblog.com/2010/04/12/creating-a-document-centric-iphoneipad-application-with-own-file-format-using-ziparchive/
You can have a look at SQLCipher to encrypt sqlite database, which can store your data locally and to transfer over internet you can simply use HTTPS.