secure transmission of the credentials

本文讨论了通过HTTPS进行凭证安全传输的方法,介绍了使用cookie进行用户验证的过程。文中提到cookie的有效期,并建议在cookie过期时重新登录获取新cookie。此外,还探讨了设备上存储用户凭据的风险,推荐仅存储密码的哈希值。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

原文

The easiest way for secure transmission of the credentials is to use Https. On successful authentication you'll receive a "cookie" that you can store locally in the user defaults. That cookie will typically expire. So, on subsequent logins, you can check that the cookie hasn't expired, and continue to use it for your server communication.

If the cookie does expire, then you prompt the user to login again, thereby receiving a new cookie from the server.

Storing any user credentials on the device is a big no no. The only way you can do it is to store a hash of the password. You would still need to check a hash of the entered password with the stored hash to check they are equal. It doesn't really give you anything other than a local - no server required - authentication.

Of course don't forget that without having to login again, the app will be vulnerable. Someone else could use the app and the owner's server session would still be active.

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值