I'm probably missing something very obvious ....
If you don't use encryption or SSL, how do the user's credentials
initially get onto the server so that they can subsequently be checked?
-- Alex.
On 07/04/2013 14:10, John Craig wrote:
I don't rely on SSL - to avoid any potential hassles with Apple's app
store - "Does your application use encryption?".
The scheme I did use will work happily with SSL, if the data is
sensitive, and without, for routine app data, game data, etc.
As an example, my requests to the server contain:
1/ a uuid
2/ current time
3/ md5 hash of user credentials + uuid + time
4/ any other data
The client first synchronizes its time with the server. Each request
is only valid for 30 seconds (the server checks the time built into
the request). The server also temporarily stores the uuid, so it can
only be used once (auto deleted after 60 seconds - by which time the
request is no longer valid). The important user credentials are never
sent as plain text and each request is only valid once - anyone
snooping can't send the same request as the uuid will be rejected.
The reason for sending the uuid and time (which are also built into
the md5 hash) is so that the server can rebuild the same hash from the
user credentials in the database and verify a 'login'.
HTH
John.
On 06/04/2013 23:05, Geoff Canyon wrote:
With on-rev, how do you handle authentication/a secure connection?
_______________________________________________
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your
subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
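The server-side check John describes (rebuild the hash, enforce the 30-second window, reject a reused uuid), as an added Python example that is not code from the thread or from LiveCode. The `username` lookup key, the `credential_db` layout, the result strings and the two-sided time window are assumptions made for illustration.

```python
import hashlib
import hmac
import time

VALID_WINDOW = 30  # seconds a request stays valid (from the post)
UUID_TTL = 60      # seconds a used uuid is remembered (from the post)

def request_hash(credentials, uuid, timestamp):
    """Item 3 of the request: md5 of user credentials + uuid + time."""
    return hashlib.md5(f"{credentials}{uuid}{timestamp}".encode()).hexdigest()

class RequestVerifier:
    def __init__(self, credential_db):
        self.credential_db = credential_db  # assumed: username -> stored credentials
        self.seen = {}                      # uuid -> server time when accepted

    def verify(self, username, uuid, timestamp, digest, now=None):
        """Return 'ok', 'expired', 'replay' or 'bad-hash'."""
        now = int(time.time()) if now is None else now
        # Forget uuids past the TTL; by then the time check rejects the request.
        self.seen = {u: t for u, t in self.seen.items() if now - t <= UUID_TTL}
        # Assumption: the window applies in both directions, to absorb sync error.
        if abs(now - timestamp) > VALID_WINDOW:
            return "expired"
        if uuid in self.seen:
            return "replay"
        stored = self.credential_db.get(username)
        # Rebuild the hash from the stored credentials and the request's own
        # uuid and time, then compare in constant time.
        if stored is None or not hmac.compare_digest(
                request_hash(stored, uuid, timestamp).encode(), digest.encode()):
            return "bad-hash"
        self.seen[uuid] = now
        return "ok"

if __name__ == "__main__":
    # Constructed sample data, not taken from the thread.
    server = RequestVerifier({"alice": "alice:s3cret"})
    t = int(time.time())
    h = request_hash("alice:s3cret", "uuid-0001", t)
    print(server.verify("alice", "uuid-0001", t, h))  # first use
    print(server.verify("alice", "uuid-0001", t, h))  # same request again
```

As described, the hash does not cover item 4 ("any other data"), so this check binds the uuid and time to the credentials but not the payload, and the server has to hold the credentials in a form it can feed back into the hash.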