如何存储非标准的Web认证?

发布于 2024-11-07 04:26:56 字数 562 浏览 4 评论 0原文

在与我的应用程序通信的 Web API 中,身份验证过程按以下方式设计:

  1. 用户输入他/她所属的名称。
  2. 服务器发送群组成员列表。
  3. 用户选择用户名并输入密码
  4. 我的应用程序将由组 id用户 id密码 构造的哈希发送到服务器以验证凭据,并在验证成功的情况下使用在进一步的交易中使用这个哈希值。

通过此过程,我没有收到标准 NSURLConnection 消息,例如 connection:canAuthenticateAgainstProtectionSpace:connection:didReceiveAuthenticationChallenge:
我本身可以处理它,但是当涉及到安全存储凭证时,我感到困惑。有没有办法通过一些内置的 iOS SDK 方法来做到这一点,或者我必须手动将哈希值写入文件中?正确的方法是什么?

In the web API my app communicates with, the authentication process is designed in the following way:

  1. The user enters the name of the group that he/she belongs to.
  2. The server sends the list of group members.
  3. The user chooses a user name and types a password.
  4. My app sends a hash constructed of the group id, user id and password to the server to validate the credentials and in case of successful validation uses this hash in further transactions.

Having this process, I do not get standard NSURLConnection messages like connection:canAuthenticateAgainstProtectionSpace: or connection:didReceiveAuthenticationChallenge:.
I can deal with it per se, but when it comes to securely storing the credentials, I get confused. Is there a way to do this via some built-in iOS SDK methods or I have to write the hash in a file manually, for example? What's the proper way?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

萧瑟寒风 2024-11-14 04:26:56

钥匙串似乎是存储用户凭据/哈希的最佳选择。
查看 http://developer.apple。 com/library/mac/#documentation/Security/Conceptual/keychainServConcepts/iPhoneTasks/iPhoneTasks.html

https://github.com/ldandersen/scifihifi-iphone/tree/05e64ff2814a8192c43f1f81eb8e09dc3764fa18/security

  • 请注意,虽然钥匙串可能是 iOS 中存储此类数据最安全的地方,但它并不完全安全。但考虑到您要存储的数据,这可能已经足够了。

编辑:查看 http://overhrd.com/?p=208
您可以通过这种性质的简单调用来访问钥匙串上的数据:

[Keychain setString:@"hashhashhash" forKey:@"userHash"];

// later on…
[Keychain getStringForKey:@"userHash"];

The keychain seems the best option to store the user's credentials/hash.
Check out http://developer.apple.com/library/mac/#documentation/Security/Conceptual/keychainServConcepts/iPhoneTasks/iPhoneTasks.html

And https://github.com/ldandersen/scifihifi-iphone/tree/05e64ff2814a8192c43f1f81eb8e09dc3764fa18/security

  • Be aware that while the keychain is probably the safest place in iOS to store this kind of data, it isn't entirely secure. But considering the data you want to store, it's probably well enough.

Edit: Look at http://overhrd.com/?p=208
You'd be able to access the data on your keychain with simple calls of this nature:

[Keychain setString:@"hashhashhash" forKey:@"userHash"];

// later on…
[Keychain getStringForKey:@"userHash"];
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文