Thread-topic: Where does the login name and password are stored
Title: Re: Where does the login name and password are stored
Thanks for the reply.
Is there a Keychain API which does the password encryption?
>On Nov 1, 2009, at 3:05 PM, Jens Alfke wrote:
>
> On Oct 30, 2009, at 10:53 PM, Dhruva T S wrote:
>
>> Is there a way to get the user login name and password using objective-C,
>> after the user logs in?
>
> NSUserName() returns the username. As far as I know, there is no way to get the password, for security reasons. You should prompt the user for their LDAP password, then use the SecKeychain APIs to save the password; that way the user only has to enter it the first time the app launches.
> And before you prompt the user for his password and store it *anywhere* (keychain or not), please make an effort to make do without this. How you might go about this depends a lot on what you need it for, of course. A good approach in many cases, is to arrange for a derived secret (some key or secondary password) that is only valid for the interaction you require, and store *that* instead of the primary user password, which is rather more valuable (because users tend to reuse them in all kinds of dangerous places).
Cheers
-- perry
---------------------------------------------------------------------------
Perry The Cynic email@hidden
To a blind optimist, an optimistic realist must seem like an Accursed Cynic.
---------------------------------------------------------------------------
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Apple-cdsa mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/apple-cdsa/email@hidden
This email sent to email@hidden
