My iOS app communicates with my server. Since I am using the HTTP Basic Authorization header, I wonder where I should put my username and password for my server. Thanks.

  • Do you mean where should you store the username/password or how to supply it to the server? If you are asking where to store it, use the keychain. – Paulw11 Feb 21 '15 at 20:58
  • @Paulw11 I meant where to save. If I am saving them in keychain, I still need to write them in code, which means they are visible, right? – Maksims Moisja Feb 21 '15 at 21:12
  • 1
    Oh, right. I assumed that the user was supplying them and you wanted to store them. If you have to hard-code them in your app then it is more tricky. Probably the best you can do is obfuscate the credential creation rather than storing a simple password as a string - For example you could write a bunch of functions that each return an int where the int represents one character in the password, but you need to add some value to that int to get the actual ASCII character - also if you get to choose the password on the server then make it long and gibberish. – Paulw11 Feb 21 '15 at 21:18
  • If you aren't using SSL, or are using SSL without server certificate verification, then it is probably easier to attack the password on the network side. – Paulw11 Feb 21 '15 at 21:18
  • Possible duplicate of [Best practices for iOS applications security](http://stackoverflow.com/questions/9448632/best-practices-for-ios-applications-security) – Matt S May 13 '16 at 20:32

0 Answers