truthful_ness

Reputation: 84

Safest / Simplest way to secure iPhone API webservice

I've been doing a lot of research and trying to figure out the best (most simple) way to secure an iPhone app's webservice. My ideas so far are below:

  1. Use OAuth 2.0 (cons: labor intensive)
  2. Store salted & hashed password (SHA-1) and send each API call with username and salted password as URL params
  3. Store salted & hashed password (SHA-1) with username and send both as one single URL param that would be stored in the DB in a unique field or table
  4. Only allow users to log in via Twitter login or Facebook login.

Would any of these approaches work? I'm leaning towards #3 right now because it seems simple yet effective in my eyes. Any feedback would be appreciated!

Upvotes: 0

Views: 46

Answers (1)

David Brossard

Reputation: 13832

I would use 4. and implement OpenID. There is great support for it and it gives you Google Authentication as well as Yahoo and many others. It means your users no longer have to create accounts with you so you'll be able to retain customers more easily.

Upvotes: 1
