What's the best way to store data that one iOS app sends to another?
John Craig
john at splash21.com
Sun Apr 7 09:10:04 EDT 2013
I don't rely on SSL - to avoid any potential hassles with Apple's app
store - "Does your application use encryption?".
The scheme I did use will work happily with SSL, if the data is
sensitive, and without, for routine app data, game data, etc.
As an example, my requests to the server contain;
1/ a uuid
2/ current time
3/ md5 hash of user credentials + uuid + time
4/ any other data
The client first synchronizes it's time with the server. Each request
is only valid for 30 seconds (the server checks the time built into the
request). The server also temporarily stores the uuid, so it can only
be used once (auto deleted after 60 seconds - by which time the request
is no longer valid). The important user credentials are never sent as
plain text and each request is only valid once - anyone snooping can't
send the same request as the uuid will be rejected. The reason for
sending the uuid and time (which are also built into the md5 hash) is so
that the server can rebuild the same hash from the user credentials in
the database and verify a 'login'.
HTH
John.
On 06/04/2013 23:05, Geoff Canyon wrote:
> With on-rev, how do you handle authentication/a secure connection?
>
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>
More information about the use-livecode
mailing list