[iOS] Ask password not encrypted?

Bob Sneidar bobs at twft.com
Tue Feb 28 14:04:30 EST 2012


There are a number of reasons for encrypting passwords. First, let's say you stored user accounts and passwords on a web server unencrypted. There are multitudinous examples of web servers getting hacked into via some bit of software on the side or directly, and once that happens you will have exposed all your users' accounts to the hacker. Not only that, but many people use the same credentials for everything, including banking, their logons at work, etc. So perhaps the data you are storing isn't that critical, but you can see how the credentials are a gold mine. Anyone with a list of them can begin trying them on virtually anything on the internet using software crafted for that purpose. 

Further, traffic can be intercepted and monitored, by someone on a wireless that is bridged to your LAN or else by someone connected via Ethernet. Credentials passed over the network in "clear text" are a MAJOR no-no. 

The best way IMHO to encrypt a password in LC is to get it clear text and then use the encryption library to encrypt it yourself using a seed value that only you know. AES 128 will suffice for most things, but some government agencies and companies require AES 256. It is actually very simple to implement. Read up a bit in the dictionary on the subject. 

Ideally your connection to an SQL server should use SSL as well, so that all traffic to and from is encrypted. Even if the server is local to your application, it is a good practice. Not incorporating encryption in a commercial application can open you up to all kinds of legal ramifications. 

Bob


On Feb 28, 2012, at 8:56 AM, Joe Lewis Wilkins wrote:

> Hi Jaqi,
> 
> There have got to be dozens of LC users out there who are in the same boat as I am; so here goes:
> 
> Why are strings encrypted? I "vaguely" understand the concept, but the expression is bandied about so freely that I figure someone must know something that I don't know. Unless it serves a purpose beyond what I think it does, it seems to me to just overly complicate things that are already pretty complicated. I don't like the thought of dealing with more levels of complication than is absolutely necessary. Of course, I can be pretty naive about some things! (smile) Also, I'm honest and I understand that much of the world is not.
> 
> TIA,
> 
> Joe Wilkins
> Architect
> 
> 
> 
> On Feb 28, 2012, at 8:38 AM, J. Landman Gay wrote:
> 
>> encrypted string
> 




