I don't want to use NSUserDefaults as I have been told it's not a good way to save a username and password.
So I was going to use a Keychain, but I have never used them before. Can some one please just a give a quick example of one or point me in the direction of an example ? Thanks.
I Use the open source SSKeychain wrapper around the the C api used by the keychain.
It's convenient, easy to use, and works on Mac OS and iOS.
This is the best I have found till date... It five a very simple implementation of saving passwords and username to keychain. Please remember to include security framework in your project.
https://web.archive.org/web/20160305031351/http://iosdevelopertips.com/core-services/using-keychain-to-store-username-and-password.html
Keep in mind that this doen't work on simulator.
Related
thanks for the help
I have made a simple login system with email and password when the user logs in he gets a hidden userID and token from the webservice to navegate the app.
I want to save the UserID and the token in the app to use it in other classes but i dont know how to do that.
I had the idea of creating a void that holds the information but when i try to access it from other classes it doesn't work, i also tryied NSUserdefautls but i have been told that doing that is not safe so i gave up on that.
I tried keychain but i also managed to fail using that.
I really dont know what to do, can someone help me :)?
i just need a light in the end of the tunel here !haha
thank you very much.
The keychain is a good option for this, get Keychain wrapper code to make it easier.
Look for keychain helper software in CocoaPods, either add the pod or just copy the source files into your project.
You can use [NSUserDefaults standardUserDefaults] for this. But it is not a safe way to do this.
You can use third-party classes like Lockbox to store data in keychain securely. You can find more of these classes in CocoaPods.
I am relatively new iphone developer. I need authentication process for my apps and I need the password and username to stored securely. I had read up some of the topics relating this in this forum.
It seems that the keychain is the better way to store the data securely and I come across the post about recommending this library.
PDKeychainBindingsController
I have tried the library and it is as easy to use as NSUserDefault. But what confuses me is that NSUserDefaults is not used in the first place to store credentials because their content can be easily hacked as some of the post mentioned.
Then my question here is that how secured is it to use above mentioned library as it still uses NSUserDefault to access keychain and my key in NSUserDefault would be still visible if the NSUserDefault is hacked.
I am a bit confused on that part and I would like any clarification on the topic if possible. I think I am missing something.
When you use PDKeychainBindingsController, you should call [PDKeychainBindings sharedKeychainBindings] and then set/get all string to/from the keychain. The PDKeychainBindingsController will call keychain API(which is C, hard to use) for you.
That means actually all [[PDKeychainBindings sharedKeychainBindings] setObject:... forKey...] will be kept in keychain. Don't worry to use it!
I am building an Apple developer analytics app, which displays info stored in itunesconnect Daily Sales Reports. Thus I would like to automatically download these Daily Sales Reports (which I achieved by using this script). This app will be released on the Mac App Store and is sandboxed.
Am I allowed to ask for and store a user's itunesconnect password?
If so, what is the correct way to do it?
EDIT:
Thank you James and Michael, Keychain Services is definitely the way to go.
I do have one follow up question.
The answer is yes, thank you James and Michael, and the correct way to store it is with Keychain Services. I used an objective-c wrapper that you can find here.
Disregard my earlier comment, I misunderstood your question (I thought you were trying to access a database). If the user gives you the information willingly, there is not problem; the issues would arise if you tried to trick the users into giving you the information. As for the correct way to do this, you could just ask them to put in their password, giving them the ways you would use them. There would, however, possibly be legal issues down the road if you use the passwords in a different way then you tell the user.
I am an iPhone Developer, now I am making an App that need to run commands (like "launchctl")
The only way I can launcht is with root privileges, but i dont know how to get root privileges.
I want to call it with System("launchctl....") or there is other way?
Thanks in advance ;)
You cannot get root privileges if your going to distribute this in the App Store. However, you can get root access if you're developing this for jailbroken devices.
I built a jailbreak app once that was trying to do something similar. I wasn't using launchctl, but I was issuing a call using system().
What I found was that even if I let my app run as user root, which requires more than what edc1591 outlined in his comment above, system calls would still run whatever command you passed it (e.g. launchctl) with user mobile privileges. (Aside: I think the reason might be related to this issue).
If you want to do that, I found a rather convoluted way of doing so. See that answer here.
First of all, using system(); is a C method and is not very reliable at all for executing commands like that, (I know from experience).
What you would want to do, is copy the NSTask.h file from the foundation.framework into your project window and use it. the way to find it is by opening a new project for the mac and clicking show in finder on the foundation.framework and then copy it. (Make sure to remove the lines near the top that check if you have Mac OS 10.6 or greater)
Then try running it. If it still doesn't have the right privileges, try looking into setuid(); but other than that, i don't know how it's done.
Maybe you can contact the developer of iFile, he would know how...
Unfortunately, there is no Apple sanctioned way to do this. In other words, apps that require root access will not be approved for use in the App Store. It is possible that Apple will grant an exception, but that's is seriously, extremely, unlikely.
What are the best practices for setting up multi user functionality in an iPad app?
I am trying to start an ios project for iPad which will create new username, and password, as well as managing different users on a given device locally on the iPad in order to access the app itself. Something like what keeper does when you first open the app comes into mind.
What are the most suitable practices for achieving something like this? Can anybody point me in the right direction?
The solution I opted for is to create a table with Core Data and store username and a mod5 representation of the password. Unfortunately everywhere I looked it showed that keychain only saves passwords for what it assumes to be the only user using the device.
You can use Sci-fi Hi-fi keychain utils, which is a sweet wrapper around Keychain. It allows storing passwords on a per-user and per-service basis. I'd advise storing your usernames somewhere (CoreData, maybe) and then querying through SFHF to see if the password's valid.