Best Practice: Login Session on iOS
Posted: Thu Apr 11, 2013 1:29 am
Hello all,
As mentioned in the subject,
what's the best practice to create a login-required iOS app?
Is the below algorithm appropriate?
* get the username & password from the native input boxes
* encrypt them with *md5Digest*
{is md5Digest secure enough or is there any other encryption options for iOS?}
* post them to a PHP script on the server
* PHP script checks the md5'ed username & password against the members table in a MySQL database
* get the answer of php script
* if it is ok, continue to the mainstack of app,
if it isn't then show the input screen again.
{should I count the login attempts to prevent a possible brute-force attack
or let the php script do the check counts of login attempts?}
Are there any possible issues which I should be careful about, considering Apple's reviewing policies?
I read a post of Jacque ( viewtopic.php?f=49&t=13526&p=65150 ) as:
"I would also wonder about Apple's response. They do not allow custom licensing schemes, …"
What's a custom licensing scheme?
There's something as "we should be able to load a license to devices" in my customer's notes.
May I reply to my customer that Apple strictly forbids this?
Thanks…
~ Ender Nafi
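
An added example, not part of the original post: a sketch of the server-side check from the steps above, using PHP's `password_hash()`/`password_verify()` (salted and deliberately slow) in place of an MD5 digest, with the attempt count kept on the server. It assumes the app posts the password itself over HTTPS. The in-memory arrays standing in for the MySQL tables, the `login()` function, the user `alice` and the limits are all constructed for illustration.

```php
<?php
// Added example. Names, limits and the in-memory "tables" are assumptions.
const MAX_FAILURES = 5;       // assumed: failures allowed per window
const WINDOW_SECONDS = 900;   // assumed: 15-minute window

// Constructed stand-in for the members table: username => stored hash.
// password_hash() adds a random salt and uses a deliberately slow algorithm.
$members = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
// Constructed stand-in for a failure log: username => list of unix times.
$failures = [];

function login(array $members, array &$failures, string $user, string $pass, int $now): string
{
    // Count recent failures on the server; a client-side counter can be reset.
    $recent = array_values(array_filter(
        $failures[$user] ?? [],
        fn($t) => $t > $now - WINDOW_SECONDS
    ));
    if (count($recent) >= MAX_FAILURES) {
        return 'locked';
    }
    // Unknown users are checked against a dummy hash so both paths do the same work.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);
    $known = isset($members[$user]);
    $match = password_verify($pass, $known ? $members[$user] : $dummy);
    if ($known && $match) {
        unset($failures[$user]);
        return 'ok';
    }
    $recent[] = $now;
    $failures[$user] = $recent;
    return 'denied';
}

// Constructed run: six wrong guesses, then the right password twice.
$t = 1000000;
for ($i = 1; $i <= 6; $i++) {
    echo "wrong guess $i: ", login($members, $failures, 'alice', "guess$i", $t + $i), "\n";
}
echo "right password, inside window: ", login($members, $failures, 'alice', 'correct horse', $t + 10), "\n";
echo "right password, after window: ", login($members, $failures, 'alice', 'correct horse', $t + 2000), "\n";
```

In a real script the two arrays would be tables queried with prepared statements, and `$now` would come from `time()`.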