What's the best way to store data that one iOS app sends to another?

John Craig john at splash21.com
Sun Apr 7 17:36:36 EDT 2013


In my case, the user credentials are an app id and a password.  They are 
set up manually, beforehand, to allow any number of app instances 
running on users' devices to connect and share data.
If you want to create actual user accounts through your app and don't 
want to send plain text then you're going to have to use encryption.

John


On 07/04/2013 21:52, Alex Tweedly wrote:
> I'm probably missing something very obvious ....
>
> If you don't use encryption or SSL, how do the user's credentials 
> initially get onto the server so that they can subsequently be checked ?
>
> -- Alex.
>
> On 07/04/2013 14:10, John Craig wrote:
>> I don't rely on SSL - to avoid any potential hassles with Apple's app 
>> store - "Does your application use encryption?".
>> The scheme I did use will work happily with SSL, if the data is 
>> sensitive, and without, for routine app data, game data, etc.
>>
>> As an example, my requests to the server contain;
>> 1/ a uuid
>> 2/ current time
>> 3/ md5 hash of user credentials + uuid + time
>> 4/ any other data
>>
>> The client first synchronizes it's time with the server.  Each 
>> request is only valid for 30 seconds (the server checks the time 
>> built into the request).  The server also temporarily stores the 
>> uuid, so it can only be used once (auto deleted after 60 seconds - by 
>> which time the request is no longer valid).  The important user 
>> credentials are never sent as plain text and each request is only 
>> valid once - anyone snooping can't send the same request as the uuid 
>> will be rejected.  The reason for sending the uuid and time (which 
>> are also built into the md5 hash) is so that the server can rebuild 
>> the same hash from the user credentials in the database and verify a 
>> 'login'.
>>
>> HTH
>>
>> John.
>>
>>
>> On 06/04/2013 23:05, Geoff Canyon wrote:
>>> With on-rev, how do you handle authentication/a secure connection?
>>>
>>> _______________________________________________
>>> use-livecode mailing list
>>> use-livecode at lists.runrev.com
>>> Please visit this url to subscribe, unsubscribe and manage your 
>>> subscription preferences:
>>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>>
>>
>> _______________________________________________
>> use-livecode mailing list
>> use-livecode at lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your 
>> subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode
>
>
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your 
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>





More information about the use-livecode mailing list