I have a service that connects to a database through a restful api with username and password. My question is what is the best way to store those credentials in my iOS app so that they cannot be seen by any attackers (gain access to our database)? Is storing the username and password in a private variable enough? Do i use the keychain? If i use the keychain how do I use it and is it possible for those users to gain access to that information?
Asked
Active
Viewed 67 times
0
-
Possible duplicate of: http://stackoverflow.com/questions/6972092/ios-how-to-store-username-password-within-an-app – Zepplock Aug 06 '15 at 21:34
1 Answers
0
Keychain is the best way to go if available. I use UICKeyChainStore for my own apps.
Its actually dead simple to use that API. Here is an example from their page:
UICKeyChainStore *keychain = [UICKeyChainStore keyChainStoreWithService:@"com.example.github-token"];
keychain[@"kishikawakatsumi"] = @"01234567-89ab-cdef-0123-456789abcdef";
Another option would be to store only the password hash in the NSUserDefaults. You can read about best practices for hashing here.
MBulli
- 1,659
- 2
- 24
- 36