Secure Login

[Pierre Sahores]

Hi,

The ways to go are the same we can use in any other n-tiers development contexts. The best is to set up a mix of the bellow ways to go :

1.- login/password where the credentials are send over the network as hashed data to be tested against server-side localhost-accessible SQL stored reference (the first time - no direct connexion between the client and the SQL backend but client to LC-server and LC-server to SQL backend in localhost mode. It's there preferable to rely on an ACID-SQL RDBMS alike PostgreSQL, Sybase, Oracle, etc...)
2.- if matching, a token based SQL stored session is started for further exchanges all along the time the client will have to exchange data with the server (time 2 to n) where a cookie/SQL session is used
3.- as an option, the HTTPS encryption can be add to 1 + 2, if your mobile application follows the Apple's iTunes rules in about encryption uses but, no one should be encouraged to use 3.- without 1.- + 2.- as long as HTTPS is't as secure anymore as it use to be in the past...
4.- the session have to ends up with the client logout + a default timeout option to be set in the LC coded authentication workflow.

As long as this authentication worklow matches, the data exchange between the client and the server continues and else it's interrupted and the client is prompted to login again to open a new trustable connexion.

Best regards,

Le 3 août 2012 à 00:10, ddas a écrit :

> Greetings All,
> 
> Is there a preferred way of securely logging in and exchanging data between rev IOS client and rev server.
> 
> Thanks,
> Debdoot
> 
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode

--
Pierre Sahores
mobile : 06 03 95 77 70
www.sahores-conseil.com