
I have a demo username / password that would be baked into the app. How can I securely store this username / password?

Questions:

  1. Is it OK to store the demo username / password in the code?
  2. If the username / password is going to be stored in Keychain, would it have to be hardcoded or is there another way?
    • a) Is this any good because anyway it is exposed in the code?
  3. Should the username / password be stored outside of the app?
  4. Is there a better approach?
user1046037

1 Answer


I would personally prefer to store the username and password in the keychain. And the password should be encrypted.

Hardcoding it in code or saving it in the sandbox is not a good idea.

Reference URL to store username and password in keychain: iOS: How to store username/password within an app?

So in your case: The very first time, the app needs to get the username and password from the SSL API, then save them in the keychain. From then on, every time the app launches, check for the credentials in the keychain. If they are not there, you need to call the API again. There should be public/private key encryption for the credentials on both ends while calling the API.

Hope this would be helpful!

Dharmesh Siddhpura
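
The flow this answer describes (fetch the credentials over HTTPS on first launch, cache them in the keychain, read the keychain on later launches), as an added Swift example that is not part of the original answer. The service name, endpoint URL and JSON shape are hypothetical, and the additional public/private key encryption the answer mentions is not shown.

```swift
import Foundation
import Security

// Hypothetical names for this example; none of them come from the post.
let demoService = "com.example.app.demo-login"
let demoEndpoint = URL(string: "https://api.example.com/demo-credentials")!
struct DemoCredentials: Codable { let username: String; let password: String }
enum KeychainError: Error { case unexpected(OSStatus) }

// Returns nil when nothing is stored yet.
func readDemoCredentials() throws -> DemoCredentials? {
    let query: [String: Any] = [kSecClass as String: kSecClassGenericPassword,
                                kSecAttrService as String: demoService,
                                kSecMatchLimit as String: kSecMatchLimitOne,
                                kSecReturnAttributes as String: true,
                                kSecReturnData as String: true]
    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    if status == errSecItemNotFound { return nil }
    guard status == errSecSuccess, let found = item as? [String: Any],
          let account = found[kSecAttrAccount as String] as? String,
          let data = found[kSecValueData as String] as? Data,
          let password = String(data: data, encoding: .utf8)
    else { throw KeychainError.unexpected(status) }
    return DemoCredentials(username: account, password: password)
}

func saveDemoCredentials(_ creds: DemoCredentials) throws {
    var item: [String: Any] = [kSecClass as String: kSecClassGenericPassword,
                               kSecAttrService as String: demoService]
    _ = SecItemDelete(item as CFDictionary)  // replace any stale entry
    item[kSecAttrAccount as String] = creds.username
    item[kSecValueData as String] = Data(creds.password.utf8)
    // Readable only while the device is unlocked; not migrated to other devices.
    item[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
    let status = SecItemAdd(item as CFDictionary, nil)
    guard status == errSecSuccess else { throw KeychainError.unexpected(status) }
}

// Keychain first; call the HTTPS endpoint only when nothing is stored.
func loadDemoCredentials(completion: @escaping (DemoCredentials?) -> Void) {
    if let cached = (try? readDemoCredentials()) ?? nil { return completion(cached) }
    URLSession.shared.dataTask(with: demoEndpoint) { data, _, _ in
        guard let data = data,
              let creds = try? JSONDecoder().decode(DemoCredentials.self, from: data)
        else { return completion(nil) }
        try? saveDemoCredentials(creds)
        completion(creds)
    }.resume()
}
```

The keychain only protects the copy at rest; an endpoint like this one hands the same demo credentials to any client that calls it, so the demo account should carry no privileges worth protecting.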
  • But how do you get the values to *store in the keychain*? They have to come from somewhere; either in code or from a file, and that is the vulnerability – Paulw11 Mar 23 '17 at 04:40
  • @Paulw11 Yes that is correct, so the password needs to come from code / some other place. So what is the best approach? – user1046037 Mar 23 '17 at 10:19
  • @user1046037: The very first time, the app needs to get the username and password from the SSL API, then save them in the keychain. From then on, every time the app launches, check for the credentials in the keychain. If they are not there, you need to call the API again. There should be public/private key encryption for the credentials on both ends while calling the API. – Dharmesh Siddhpura Mar 23 '17 at 15:17
  • Could you please edit your answer and update it with your last comments so that your answer is complete? Thanks – user1046037 Mar 24 '17 at 00:30
  • Is it OK to store the username / password in Firebase and fetch it from there for authenticated Firebase users? – user1046037 Mar 24 '17 at 10:13