Re: CoreData: Save password securly
Re: CoreData: Save password securly
- Subject: Re: CoreData: Save password securly
- From: Chris Hanson <email@hidden>
- Date: Wed, 13 Feb 2008 17:36:33 -0800
On Feb 13, 2008, at 4:14 PM, Adam Gerson wrote:
The problem with a hash is I don't just need to compare the values,
I need to send the value onto another server that expects it as
clear text.
Don't. In this day and age there shouldn't be such a thing as
"another server that expects [a password] as clear text."
Is there a way in cocoa to store it with a salt known only to me,
but then use that same salt in my code to reverse it back to clear
text? I guess its sounding more and more like Keychain is the right
way to go.
It sounds like what you really want is the Keychain, which it would be
nice to have a clean Objective-C API for (and for which I think
someone has created one as Open Source).
Regardless, though, whatever network service you're working with
should not be requiring a password to be sent in the clear. No IETF
protocol has allowed that except for development & debugging purposes
since the mid-1990s, and it's close to 15 years later. It's how
passwords get sniffed and stolen.
-- Chris
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden