Reputation: 53
Protected sending/receiving data via HTTP
This a pretty basic question. Let's say I have this iPhone/iPad app that, at some point, gives the user the option to login. The username/pw are stored on the server's database.
What is the best way to communicate with the server to check if the username/pw are correct. How can I safely send & receive these requests via HTTP (without sending the plain pw)? What encryption/decryption should I use (both in-app and serverside)?
Upvotes: 1
Views: 141
Answers (2)
Reputation: 46
if you dont want to send the password plain text, you should use md5 hash (there is built in function in iphone) encrypt the password with md5 function and send it to the server.
if the server DB has the password in plain text, he can also make md5 hash and compare it with the one he received from the client.
you can also use this method to encrypt you're username.
Upvotes: -1
Reputation: 54326
Just use SSL (i.e. https). Whatever you do, don't roll your own crypto!
Upvotes: 2
Related Questions
- Secure Communication Between iPhone and Server?
- Send post data securely from iPhone
- Secure request from iPhone to Server
- Secure iPhone (iOS) /server communication
- Sending secure data over the network in iPhone
- Securing a connection from iPhone to server
- iOS HTTP Communication setup
- How to exchange data with an webserver the secure way?
- iPhone HTTP Request Security
- secure iPhone to server communication so that only my app can post data?