1

I have a service with a Django-based RESTful API that is designed for iOS devices to access. I'd like to store some user data on the server -- non-sensitive things like favorites for example. I don't want to make a new user create an account, but I would like for the data to not be publicly available. The service also uses Apple's Push Notification Service (APNS). All traffic to and from the service uses TLS/SSL.

I am considering using a CFUUID generated by the device on first launch as a username and the token provided by APNS as a password. I would create a user account after I successfully register the device with APNS and update the password if the APNS token changes.

Is this a bad idea? Is there a better approach?

Erik
One issue in using a CFUUID as a username in Django is that the User model in django.contrib.auth is 30 characters or fewer. I believe that can be addressed by the methods suggested in http://stackoverflow.com/questions/11150516/can-i-convert-a-cfuuid-to-30-characters-or-less. – Erik Jul 05 '12 at 18:42

1 Answer

0

The approach I've decided to take is the above but without using the APNS token as a password. Instead, the CFUUID and token are sent as form-encoded data in the body of an HTTPS PUT request, with a server-generated password returned in the body of the response.

Erik
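The registration flow from the answer, sketched server-side as an added example (not code from the post or from Django): the standard library only, with an in-memory dict standing in for the Django user table. The function names, the 22-character base64url username encoding (one way to fit the 30-character limit from the comment) and the refusal to reissue a password for an already-registered UUID are assumptions, not something the post states.

```python
import base64, hashlib, hmac, os, secrets, uuid

ACCOUNTS = {}  # username -> record; hypothetical stand-in for the user table

def username_from_cfuuid(cfuuid: str) -> str:
    """Encode the 128-bit UUID as 22 base64url characters (under the 30-char limit)."""
    raw = uuid.UUID(cfuuid).bytes  # raises ValueError on a malformed UUID string
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _hash(password: str, salt: bytes) -> bytes:
    # Only the salted hash is stored; the plaintext password exists once, in the response.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def register(cfuuid: str, apns_token: str):
    """Handle the PUT body: create the account and return the generated password.

    Returns None when the UUID is already registered, so that knowing a
    device's UUID alone is not enough to obtain a fresh password (assumption).
    """
    name = username_from_cfuuid(cfuuid)
    if name in ACCOUNTS:
        return None
    password = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    salt = os.urandom(16)
    ACCOUNTS[name] = {"salt": salt, "hash": _hash(password, salt),
                      "apns_token": apns_token}
    return password

def authenticate(cfuuid: str, password: str) -> bool:
    """Check credentials on later requests, comparing hashes in constant time."""
    try:
        rec = ACCOUNTS.get(username_from_cfuuid(cfuuid))
    except ValueError:
        return False
    if rec is None:
        return False
    return hmac.compare_digest(_hash(password, rec["salt"]), rec["hash"])

def update_apns_token(cfuuid: str, password: str, new_token: str) -> bool:
    """Accept a changed APNS token only from an authenticated device."""
    if not authenticate(cfuuid, password):
        return False
    ACCOUNTS[username_from_cfuuid(cfuuid)]["apns_token"] = new_token
    return True
```

Because the password is returned only once, the client has to persist it (for example in the iOS keychain) or the stored data becomes unreachable from that device.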