0

I am trying to make a simple password protected app using a text file to store the password that the user entered. I want to take whats in a text field store it in a file and ultimately compare whats in that file to what the user enters in another text field. here is what I have: 

 //Setting the string to hold the password the user has entered
    NSString *createPassword1 = passwordSet.text;

    //creating a muttable array to store the value of createPassword1
    NSMutableArray *passwordArray = [NSMutableArray array];

    //storing createpassword1 into the first element of the array
    [passwordArray addObject:createPassword1];

    NSLog(@"%@",[passwordArray objectAtIndex:0]);//seeing if it is stored correctly (it is)


    //path for searching for the file
    NSString *path = [NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES) objectAtIndex:0];
    //my filename
    NSString *fileName = @"PasswordFile.txt";

    NSString *fileAndPath = [path stringByAppendingPathComponent:fileName];

    if (![[NSFileManager defaultManager] fileExistsAtPath:fileAndPath]) {
        [[NSFileManager defaultManager] createFileAtPath:fileAndPath contents:nil attributes:nil];
    }

    [[[passwordArray objectAtIndex:0] dataUsingEncoding:NSUTF8StringEncoding] writeToFile:fileAndPath atomically:YES];

Any help will be greatly appreciated thank you.

SpaceDust__
  • 4,844
  • 4
  • 43
  • 82
Andy
  • 281
  • 2
  • 7
  • 23
  • Make `.plist` file instead of `.txt` file ..... !! and do google for it there're many sample code for this ... Good Luck !! – TheTiger Dec 17 '12 at 19:23
  • 1
    Writing the plaintext password to a text file is a terrible idea (very insecure). You really should use the keychain for this. Grab the `KeychainItemWrapper` class from the `GenericKeychain` sample app. – rmaddy Dec 17 '12 at 19:29
  • Yeah agree ... keychain is better !! – TheTiger Dec 17 '12 at 19:31
  • "I am trying to make a simple password protected app" - for this simplified use (I guess no state secrets are being handled with this app) I don't think cryptography is really necessary and it suffices to store the password just not in the documents directory. – Mario Dec 17 '12 at 19:32
  • @Mario Perhaps - but pointing out a better approach is helpful. The OP may not understand the impact of their decision. Requirements change over time. Using the keychain is probably the better long-term choice. – rmaddy Dec 17 '12 at 19:38
  • [Storing passwords in iPhone applications](http://stackoverflow.com/questions/523627/storing-passwords-in-iphone-applications) ... See this link ... I cant help by code because I dont have mac right now but I would like to suggest you. @Andy – TheTiger Dec 17 '12 at 19:41

1 Answers1

1

What you do is too complicated. Why do you use a NSMutableArray ("passwordArray") to store a single password? Why do you convert it to NSData and write this to a file? Just use a string and use its writeToFile method. Alternatively use NSArray's writeToFile method.

Alternatively, and my personal favorite: use NSUSerDefaults à la:

[[NSUserDefaults standardUserDefaults] setValue: myPasswordString forKey:@"appPassword"]];

EDIT in response to some comments: The above only applies if used in a "trivial" app that needs password-protection in a very low-level manner. Anything to protect really sensitive data should be handled differently. The original poster explicitly stated

I want to take whats in a text field store it in a file and ultimately compare whats in that file to what the user enters in another text field.

So one can assume that high-level security is not an issue here.

Mario
  • 4,530
  • 1
  • 21
  • 32
  • Not necessarily. If multi-user is needed (which would make sense for the use of an array), just store the array instead of a string in userDefaults – Mario Dec 17 '12 at 19:27
  • But dude passwords is not only the thing which he will have to store. He would like to know which password is of which user :) ... Yeah You can save a everything in `NSUserDefaults` but it will make it little hard !! – TheTiger Dec 17 '12 at 19:30
  • @VakulSaini A dictionary of username/passwords is trivial to do with `NSUserDefaults`. – rmaddy Dec 17 '12 at 19:31
  • @maddy - In coding there are many methods to do same thing but we always try to find the better one .... !! – TheTiger Dec 17 '12 at 19:33
  • 1
    @VakulSaini Agreed. If you are going to put down someone's answer and claim there is a better way, then you must offer your better way. The point is to be helpful, not negative. – rmaddy Dec 17 '12 at 19:36
  • Decided to go with the NSString write to file method and it worked! thank you!! and @Vakul I will try the plist method if time permits thank you as well – Andy Dec 17 '12 at 19:48
  • Just to make it clear for @Andy , the .plist approach is essentially the same thing - writing the password in clear-text, ready for the hackers of the world to obtain. It is just a format used for arrays and dictionaries. Take a look at Vakul Saini's link above pointing to a good class wrapping the keyChain functionality. – Mario Dec 17 '12 at 19:52
  • @maddy I appreciate the suggestion this is not a very serious app but if I have time, playing with the keychain would be useful thanks! – Andy Dec 17 '12 at 19:52
  • @Mario Thank you for the solution and the information on plists im pretty new to apps so much of this is news to me – Andy Dec 17 '12 at 19:53