Storing Username/Password: Best Practice?


avoision

Mar 15, 2011, 11:24:49 AM
to phonegap
Hi all -

New to mobile development, but have been getting my hands dirty and
feeling pretty comfortable (and enjoying things to boot).

In the app I'm making, I want to prompt the user for a username and
password, and then store it. Pretty basic stuff. Note: my goal is to
have this app working on iPhone and Android (eventually).

In looking around for approaches, I'm not sure of the best course to
take. I walked through Jonathan Stark's example iPhone app and my
impulse was to go with using localStorage:

http://ofps.oreilly.com/titles/9780596805784/ch05.html

In searching the Phonegap Google Group, I found this older discussion
that mentions cookies:

http://groups.google.com/group/phonegap/browse_thread/thread/cb37991473f5dcf4/b99120b6963c300e?lnk=gst&q=password#b99120b6963c300e

In terms of security, is it better to store username and password
values within a database? Seems like overkill, but I know little of
the security side of things.

I've also seen mention of Lawnchair, which looks like it's another
storage mechanism that relies on JSON (and saves you from having to
create SQL statements).

I see several approaches that can complete the task at hand (save
username/password), but I'm not sure how to weigh the merits, each to
each. I'm also pretty clueless when it comes to security, so I'm
hoping to get advice from folks who've done this before.

Thanks in advance for your time!
-Felix

Garry Taylor

Mar 15, 2011, 11:50:06 AM
to phon...@googlegroups.com
Lawnchair is good, but its asynchronous way of working might be a pain for you (it was for me). In terms of storing username/password, I don't think DB is overkill; I would not worry about performance issues or anything for just getting username/password once per login.

--
You received this message because you are subscribed to the Google
Groups "phonegap" group.
To post to this group, send email to phon...@googlegroups.com
To unsubscribe from this group, send email to
phonegap+u...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/phonegap?hl=en?hl=en

For more info on PhoneGap or to download the code go to www.phonegap.com

Giacomo Balli

Mar 15, 2011, 12:54:36 PM
to phonegap
localstorage is perfectly fine...


Robert Fletcher

Mar 15, 2011, 12:57:55 PM
to phon...@googlegroups.com

What if you have a website that uses a CMS like WordPress and you want the username/password to match what they've used in the CMS?

I'm guessing I would need to modify the login script to output a msg. that my script could look for, and then if it receives this msg then it would allow the user to log in in the app. I can then store what they've typed in a database using localStorage.

If they key in a nonmatching u/p combo then they fail.

Hmm, how hard do you think it will be to write all of that?

Anyone done this yet?

Shazron Abdullah

Mar 15, 2011, 2:28:40 PM
to phon...@googlegroups.com
At least on iOS, if you want the storage to be secure (to a point), you could always use the KeyChain plugin.
https://github.com/phonegap/phonegap-plugins/tree/master/iPhone/Keychain
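The trade-off raised in this thread (plain localStorage versus an OS keystore such as the iOS Keychain), as an added example that is not part of any poster's message and not the plugin's code. The `secureStore` interface, the function names and the sample values are assumptions made for illustration; the stand-ins keep everything in memory so the code runs under Node.

```javascript
// Added example; runs under Node with in-memory stand-ins (all names are illustrative).
// `secureStore` is a hypothetical callback-style keystore wrapper, not the Keychain plugin's API.

// Stand-in for window.localStorage; dump() shows what a reader of the app's data would see.
function makeWebStorage() {
  const data = {};
  return {
    setItem: (k, v) => { data[k] = String(v); },
    getItem: (k) => (k in data ? data[k] : null),
    removeItem: (k) => { delete data[k]; },
    dump: () => JSON.stringify(data),
  };
}

// Stand-in for an OS keystore (for example the iOS Keychain).
function makeSecureStore() {
  const vault = {};
  return {
    set: (k, v, done) => { vault[k] = v; done(null); },
    get: (k, done) => done(null, k in vault ? vault[k] : null),
  };
}

// Username goes to web storage; the password goes to the secure store when there is one.
// Without one, the plaintext fallback must be requested explicitly. The callback
// receives the backend that now holds the password: 'secure' or 'plaintext'.
function saveCredentials(username, password, webStorage, secureStore, opts, done) {
  webStorage.setItem('username', username);
  if (secureStore) {
    webStorage.removeItem('password'); // drop any copy left by an earlier fallback
    return secureStore.set('password:' + username, password,
      (err) => done(err, err ? null : 'secure'));
  }
  if (!(opts && opts.allowPlaintext)) {
    return done(new Error('no secure store available'), null);
  }
  webStorage.setItem('password', password);
  return done(null, 'plaintext');
}

function loadPassword(username, webStorage, secureStore, done) {
  if (secureStore) return secureStore.get('password:' + username, done);
  return done(null, webStorage.getItem('password'));
}
```

On a platform with no keystore wrapper, pass `null` for `secureStore`; the caller then has to opt in with `{ allowPlaintext: true }` and learns from the callback that the password sits in web storage.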

Shazron Abdullah

Mar 15, 2011, 2:31:42 PM
to phonegap

avoision

Mar 15, 2011, 3:08:46 PM
to phonegap
Ah! Very helpful, Shazron! I got things working using the basic
localStorage approach... but it feels a bit like hiding a key under a
rock on my front doorstep.

Really appreciate the heads-up regarding the KeyChain plugin (I had
read about this approach, but figured it was outside of PhoneGap's
reach). Thanks again!

Jesse MacFadyen

Mar 15, 2011, 3:23:29 PM
to phon...@googlegroups.com, avoision
It's actually more like hiding your key in your pocket.
Someone would need access to your phone to get the credentials.



--
Jesse MacFadyen
{
  blog:'blogs.nitobi.com/jesse',
  email:'jesse.m...@nitobi.com',
  company:
  {
    name:'Nitobi Software',
    site:'www.nitobi.com',
    phone:
    {
      office:'+1 (604) 685-9287',
      tollFree:'1-866-632-2777'
     }
  }
}