Best Practice: Login Session on iOS
Ender Nafi Elekçioğlu
endernafi at gmail.com
Wed Apr 10 14:53:18 EDT 2013
Hello all,
Within all the hassle about the password problems of Community Edition 6.0,
I'm not sure if anyone has time to answer this; but I'd be glad to get some insights :)
As mentioned in the subject,
what's the best practice to create a login-required iOS app?
Is the below algorithm appropriate?
* get the username & password from the native input boxes
* encrypt them with *md5Digest*
{is md5Digest secure enough or is there any other encryption options for iOS?}
* post them to a php script in the server
* php script checks the md5'ed username & password against the members table in a mySql database
* get the answer of php script
* if it is ok, continue to the mainstack of app,
if it isn't then show the input screen again.
{should I count the login attempts to prevent a possible brute-force attack
or let the php script do the check counts of login attempts?}
Is there any possible issues which I should be careful about, considering Apple's reviewing policies?
I read a post of Jacque (Jacqueline L.G.) in the forums as:
"I would also wonder about Apple's response. They do not allow custom licensing schemes, …"
What's a custom licensing scheme?
There's something as "we should be able to load a license to devices" in my customer's notes.
May I reply to my customer that Apple strictly forbids this?
Thanks…
~ Ender Nafi
~… together, we're smarter …~
More information about the use-livecode
mailing list