What's the best way to store data that one iOS app sends to another?

John Craig john at splash21.com
Sun Apr 7 09:10:04 EDT 2013


I don't rely on SSL - to avoid any potential hassles with Apple's app 
store - "Does your application use encryption?".
The scheme I did use will work happily with SSL, if the data is 
sensitive, and without, for routine app data, game data, etc.

As an example, my requests to the server contain;
1/ a uuid
2/ current time
3/ md5 hash of user credentials + uuid + time
4/ any other data

The client first synchronizes it's time with the server.  Each request 
is only valid for 30 seconds (the server checks the time built into the 
request).  The server also temporarily stores the uuid, so it can only 
be used once (auto deleted after 60 seconds - by which time the request 
is no longer valid).  The important user credentials are never sent as 
plain text and each request is only valid once - anyone snooping can't 
send the same request as the uuid will be rejected.  The reason for 
sending the uuid and time (which are also built into the md5 hash) is so 
that the server can rebuild the same hash from the user credentials in 
the database and verify a 'login'.

HTH

John.


On 06/04/2013 23:05, Geoff Canyon wrote:
> With on-rev, how do you handle authentication/a secure connection?
>
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>




More information about the use-livecode mailing list