Can these files be easily encrypted to prevent users (with jailbroken iPhones) from modifying values?
What you're after is the Keychain api. Other apps on jailbroken devices can get TO your keychain values, but they're encrypted.
Here's a decent tutorial I just googled up.
You can use Secure-NSUserDefaults, it is a good way to prevent you plists from being changed.
You can get the code at: https://github.com/matthiasplappert/Secure-NSUserDefaults
Good luck!
Related
I am relatively new iphone developer. I need authentication process for my apps and I need the password and username to stored securely. I had read up some of the topics relating this in this forum.
It seems that the keychain is the better way to store the data securely and I come across the post about recommending this library.
PDKeychainBindingsController
I have tried the library and it is as easy to use as NSUserDefault. But what confuses me is that NSUserDefaults is not used in the first place to store credentials because their content can be easily hacked as some of the post mentioned.
Then my question here is that how secured is it to use above mentioned library as it still uses NSUserDefault to access keychain and my key in NSUserDefault would be still visible if the NSUserDefault is hacked.
I am a bit confused on that part and I would like any clarification on the topic if possible. I think I am missing something.
When you use PDKeychainBindingsController, you should call [PDKeychainBindings sharedKeychainBindings] and then set/get all string to/from the keychain. The PDKeychainBindingsController will call keychain API(which is C, hard to use) for you.
That means actually all [[PDKeychainBindings sharedKeychainBindings] setObject:... forKey...] will be kept in keychain. Don't worry to use it!
Where can I find a good detailed tutorial using sskeychain to store and retrieve usernames and passwords and to do basic authentication in a UIWebView? Secondarily, am I on the right track as far as the methods needed to store and use authentication for a web based application? (See explanation below.)
I found a couple tutorials using different methods:
Interacting with keychain directly
Handmade keychain wrapper (sic)
SFHFKeychainUtils
According to recommendations from other SO questions below, sskeychain is recommended for an easier use of the keychain to store authentication parameters.
Cocoa interface to MacOS X Keychain
https://stackoverflow.com/questions/8381072/save-username-and-password-for-url-like-gmail-com-iphone
My plan is to store a username and password locally on the device in the keychain as recommended and connect over a UIWebView using basic auth to my PHP code. Is there a good step by step tutorial for xcode/Obj-C newbies on the topic of user authentication that would be recommended by experienced iOS developers?
The Apple documentation seems less than helpful. It's either pages with simple sales jargon or just head imploding descriptions of methods and parameters without many helpful examples.
Update:
I ended up just using NSUserDefaults to store the username and password locally and the AFNetworking library to do the authentication. If these are unwise I'd welcome an answer that supplies guidance on a better method.
Using AFNetworking to do the authentication and calls to the server is great! But I would highly discourage you from storing credentials (username and password) in NSUserDefaults, since the contents are stored in a plist as plain text and can be read just by plugging your device to a mac. I recommend you to check these other questions and great post of a well-known case for further details on the topic.
You were right going for Keychain and using SSKeychain is easy and fast. You can find this good example on how to use SSKeychain to locally store the credentials.
// Store credentials in Keychain
[SSKeychain setPassword:#"thePassword"
forService:#"com.yourCompany.yourApp"
account:#"theUserName"];
// Retrieve credentials from Keychain
NSString *password = [SSKeychain passwordForService:#"com.yourCompany.yourApp"
account:#"theUserName"];
If you want to do basic auth, you might be better off using a networking service like AFNetworking. They all you to create a webclient, pass in a username/password combination and they take care of the rest.
This link show you the exact method call you need to invoke:
http://engineering.gowalla.com/AFNetworking/Classes/AFHTTPClient.html#//api/name/setAuthorizationHeaderWithUsername:password:
There is also a large community and a bunch of examples of developers using AFNetworking in all types of iOS project.
I would recommend to you to use
Lockbox
It's lightweight, works with ARC and easy to use.
I don't want to use NSUserDefaults as I have been told it's not a good way to save a username and password.
So I was going to use a Keychain, but I have never used them before. Can some one please just a give a quick example of one or point me in the direction of an example ? Thanks.
I Use the open source SSKeychain wrapper around the the C api used by the keychain.
It's convenient, easy to use, and works on Mac OS and iOS.
This is the best I have found till date... It five a very simple implementation of saving passwords and username to keychain. Please remember to include security framework in your project.
https://web.archive.org/web/20160305031351/http://iosdevelopertips.com/core-services/using-keychain-to-store-username-and-password.html
Keep in mind that this doen't work on simulator.
It's seems that there is a Jailbroken way to fetch them, but now using iCloud for instance, is there any a new way to get them ?
I saw nothing reading the documentation, but I may have missed something.
I suppose you mean Safari's bookmarks? That's not possible without jailbreaking. Each app (or group of apps by the same publisher) has its own container directory in iCloud, there's no way to get at another app's data.
What are the best practices for setting up multi user functionality in an iPad app?
I am trying to start an ios project for iPad which will create new username, and password, as well as managing different users on a given device locally on the iPad in order to access the app itself. Something like what keeper does when you first open the app comes into mind.
What are the most suitable practices for achieving something like this? Can anybody point me in the right direction?
The solution I opted for is to create a table with Core Data and store username and a mod5 representation of the password. Unfortunately everywhere I looked it showed that keychain only saves passwords for what it assumes to be the only user using the device.
You can use Sci-fi Hi-fi keychain utils, which is a sweet wrapper around Keychain. It allows storing passwords on a per-user and per-service basis. I'd advise storing your usernames somewhere (CoreData, maybe) and then querying through SFHF to see if the password's valid.