What's the best way to store data that one iOS app sends to another?
Richard Gaskin
ambassador at fourthworld.com
Sun Apr 7 17:54:39 EDT 2013
John Craig wrote:
> In my case, the user credentials are an app id and a password. They are
> set up manually, beforehand, to allow any number of app instances
> running on users' devices to connect and share data.
> If you want to create actual user accounts through your app and don't
> want to send plain text then you're going to have to use encryption.
One method Dave Cragg, me, and others have used is a home-grown
quasi-HTTPS-like scheme in which the client first handshakes with the
server to obtain a token, which is a hash of the IP address, time stamp,
and some salt, and that token is used as a key to send the
authentication data, after which all other data uses a less derivable
method.
While imperfect, and of course no substitute for just using a cert, it
keeps the credentials reasonably well protected since hacking it
requires both spoofing the IP address of the client and doing so within
a limited time frame.
--
Richard Gaskin
Fourth World
LiveCode training and consulting: http://www.fourthworld.com
Webzine for LiveCode developers: http://www.LiveCodeJournal.com
Follow me on Twitter: http://twitter.com/FourthWorldSys
More information about the use-livecode
mailing list