22 posts

Geek
+1 received by user: 4


Topic # 86880 14-Jul-2011 22:05

Here's the gist: currently my school iOS app has a webmail section, which uses a poorly designed web interface of Outlook Web Access. I'm attempting to build a native view that will connect to the Exchange server and get the emails, but here is where I'm worried.

Other sections of my app require you to log in via a login form. Your username is stored in the session, where the other functions (e.g. Homework, Attendance, etc.) get their results from the main database based on the username in the session. However, to connect to the Exchange server, you need a username AND password.

What would be the best way of getting the password? Is it safe to get the password when logging in, store it in the session, then reuse it for the email? Or would it be better to get the password from a database query where the username equals the one in the session? Or should I just simply make another login form? However, I expect that might be slightly annoying...

If anyone has any insight, it would be greatly appreciated :)

1355 posts

Uber Geek
+1 received by user: 15


  Reply # 493534 14-Jul-2011 22:20

To be storing passwords in SESSION or retrieving them from a database means they must be stored in plain text, which is terrible practice.

At the very least an MD5 hash should be used to store the passwords.

Apart from that there isn't much problem leaving them in session as this is all managed by the server. The only case I wouldn't do this is if you are using shared hosting, as their security isn't always perfect and there is a chance someone else on the same server could access the information. If you have a dedicated server this isn't a problem.

Hope this helps :)

BDFL - Memuneh
59420 posts

Uber Geek
+1 received by user: 10629

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 493540 14-Jul-2011 22:41

If you have an Exchange Server why not just enable ActiveSync and let iOS devices (and all others) use that secure protocol and their native email apps instead?

22 posts

Geek
+1 received by user: 4


  Reply # 493544 14-Jul-2011 23:03

@jbard

I'm connecting to the school's Exchange server, so there isn't any issue of shared hosting. I've got no idea about how the internal database structure works, but from the code I grabbed off Mr Wood, I can see that it sends a query to the LDAP server to check if the user exists. If yes, it sets the username session from the username field from the login form. I suppose I could just add a little bit to set the password if the user exists.

@freitasm

I would prefer to keep this 'in-app'. That way I can use a GA tracking script to gather statistics about the users of my app. I'm also finding this fun to build, and it'll hopefully keep me busy over the school holidays!
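
The option raised in this thread of capturing the password at login and reusing it from the session for the mail fetch, sketched as an added example (not code from the thread or from the school's system). `SessionCredentialStore`, the `verify` callback (a stand-in for the LDAP check mentioned above) and the sample account are hypothetical; the password stays in server memory only, expires after an idle timeout, and is never written to a database.

```python
import secrets
import time


class SessionCredentialStore:
    """Memory-only, server-side holder for the password captured at login."""

    def __init__(self, verify, ttl_seconds=900, clock=time.monotonic):
        self._verify = verify          # hypothetical stand-in for the LDAP check
        self._ttl = ttl_seconds
        self._clock = clock
        self._entries = {}             # session id -> [username, password bytes, expiry]

    def login(self, username, password):
        """Return a new session id, or None if the directory rejects the login."""
        if not self._verify(username, password):
            return None
        session_id = secrets.token_urlsafe(32)   # only this id goes to the device
        secret = bytearray(password.encode("utf-8"))
        self._entries[session_id] = [username, secret, self._clock() + self._ttl]
        return session_id

    def mail_credentials(self, session_id):
        """Return (username, password) for the mail fetch, or None if expired."""
        entry = self._entries.get(session_id)
        if entry is None:
            return None
        if self._clock() >= entry[2]:
            self.logout(session_id)    # idle too long: force a fresh login
            return None
        entry[2] = self._clock() + self._ttl     # sliding idle timeout
        return entry[0], entry[1].decode("utf-8")

    def logout(self, session_id):
        """Drop the entry and overwrite the buffer (best effort in Python)."""
        entry = self._entries.pop(session_id, None)
        if entry is not None:
            entry[1][:] = bytes(len(entry[1]))
            return True
        return False


def demo():
    # Constructed sample account; a real deployment would bind against LDAP.
    accounts = {"student1": "correct horse"}
    now = [0.0]
    store = SessionCredentialStore(
        lambda u, p: secrets.compare_digest(accounts.get(u, ""), p),
        ttl_seconds=600, clock=lambda: now[0])
    sid = store.login("student1", "correct horse")
    fresh = store.mail_credentials(sid)
    now[0] += 601
    return store.login("student1", "wrong"), fresh, store.mail_credentials(sid)
```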
