Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
Re: Where does the login name and password are stored
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Where does the login name and password are stored

Title: Re: Where does the login name and password are stored

Thanks for the reply.

Is there a Keychain API which does the password encryption?

>On Nov 1, 2009, at 3:05 PM, Jens Alfke wrote:

> On Oct 30, 2009, at 10:53 PM, Dhruva T S wrote:
>> Is there a way to get the user login name and password using objective-C,
>> after the user logs in?
> NSUserName() returns the username. As far as I know, there is no way to get the password, for security reasons. You should prompt the user for their LDAP password, then use the SecKeychain APIs to save the password; that way the user only has to enter it the first time the app launches.

> And before you prompt the user for his password and store it *anywhere* (keychain or not), please make an effort to make do without this. How you might go about this depends a lot on what you need it for, of course. A good approach in many cases, is to arrange for a derived secret (some key or secondary password) that is only valid for the interaction you require, and store *that* instead of the primary user password, which is rather more valuable (because users tend to reuse them in all kinds of dangerous places).

  -- perry
Perry The Cynic                                             email@hidden
To a blind optimist, an optimistic realist must seem like an Accursed Cynic.

Do not post admin requests to the list. They will be ignored.
Apple-cdsa mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden

Visit the Apple Store online or at retail locations.

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2011 Apple Inc. All rights reserved.