storing passwords
storing passwords
- Subject: storing passwords
- From: "David A. Feldman" <email@hidden>
- Date: Tue, 24 Dec 2002 09:47:53 -0500
I suppose this is as much a generic development question as a Cocoa
one, but perhaps someone can help me. I have an app that logs onto
remote AppleShare servers. I've been having a lot of difficulty getting
it to work with the Keychain -- and have posted here before about that
-- but I'm realizing that for unattended operation (which is desirable
for this app) the Keychain may not be the best option anyway, since
whenever there's a change to the OS it re-requests permission to unlock
the Keychain.
I don't have a lot of experience writing security code. So, what I'm
wondering is this. Is there a way to securely store and retrieve users'
passwords and save them in the app's data file? Some way to encrypt in
such a way that my app can decrypt but no one else can? Furthermore,
the data file is human-readable (and XML property list). If encrypted
passwords are stored in it, is there any way to tighten security
further so that someone who gains access to the data file can't just go
ahead and use the encrypted password with a copy of my app to gain
access to the remote server(s)? And if not, will users see that as a
potential security hole? Thanks.
--Dave
------------------------------------------------------------------------
--
David A. Feldman
User Interface Designer
email@hidden
http://InterfaceThis.com
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.