Geekzone: technology news, blogs, forums


22 posts

Geek
+1 received by user: 4


Topic # 86880 14-Jul-2011 22:05

Here's the gist: currently my school iOS app has a webmail section, which uses a poorly designed web interface of Outlook Web Access. I'm attempting to build a native view that will connect to the Exchange server and get the emails, but here is where I'm worried.

Other sections of my app require you to log in via a login form. Your username is stored in the session, where the other functions (e.g. Homework, Attendance, etc.) get their results from the main database based on the username in the session. However, to connect to the Exchange server, you need a username AND password.

What would be the best way of getting the password? Is it safe to get the password when logging in, store it in the session, then reuse it for the email? Or would it be better to get the password from a database query where the username equals the one in the session? Or should I just simply make another login form? However I expect that might be slightly annoying...

If anyone has any insight, it would be greatly appreciated :)

1364 posts

Uber Geek
+1 received by user: 15


  Reply # 493534 14-Jul-2011 22:20

To be storing passwords in SESSION or retrieving them from a database means they must be stored in plain text, which is terrible practice.

At the very least an MD5 hash should be used to store the passwords.

Apart from that there isn't much problem leaving them in session as this is all managed by the server. The only case I wouldn't do this is if you are using shared hosting, as their security isn't always perfect and there is a chance someone else on the same server could access the information. If you have a dedicated server this isn't a problem.

Hope this helps :)

BDFL - Memuneh
60788 posts

Uber Geek
+1 received by user: 11667

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 493540 14-Jul-2011 22:41

If you have an Exchange Server why not just enable ActiveSync and let iOS devices (and all others) use that secure protocol and their native email apps instead?







22 posts

Geek
+1 received by user: 4


  Reply # 493544 14-Jul-2011 23:03

@jbard

I'm connecting to the school's Exchange server, so there isn't any issue of shared hosting. I've got no idea about how the internal database structure works, but from the code I grabbed off Mr Wood, I can see that it sends a query to the LDAP server to check if the user exists. If yes, it sets the username session from the username field from the login form. I suppose I could just add a little bit to set the password if the user exists.

@freitasm

I would prefer to keep this 'in-app'. That way I can use a GA tracking script to gather statistics about the users of my app. I'm also finding this fun to build, and it'll hopefully keep me busy over the school holidays!
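
Added example, not code from the thread or from the school's app: a sketch of the "keep the password from the login form for the session" option discussed above, assuming a Python backend. A one-way verifier (salted PBKDF2 here, swapped in for the MD5 mentioned in the reply, and standing in for the LDAP check) can confirm a login but cannot be replayed to Exchange, so the password is captured at login and held only in server memory with an idle timeout. `make_verifier`, `check_password` and `SessionCredentials` are hypothetical names.

```python
import hashlib
import hmac
import os
import secrets
import time

ITERATIONS = 200_000  # assumed work factor for this sketch

def make_verifier(password):
    """What a user table can hold: a salt and a one-way digest, never the password."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def check_password(password, verifier):
    salt, digest = verifier
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison

class SessionCredentials:
    """Server-side, in-memory map: session id -> [username, password, last use]."""

    def __init__(self, idle_seconds=900, clock=time.monotonic):
        self._idle = idle_seconds
        self._clock = clock
        self._by_session = {}

    def login(self, username, password, verifier):
        # Only a successful login captures the password for later Exchange calls.
        if not check_password(password, verifier):
            return None
        sid = secrets.token_urlsafe(32)  # unguessable session id for the cookie
        self._by_session[sid] = [username, password, self._clock()]
        return sid

    def exchange_credentials(self, sid):
        entry = self._by_session.get(sid)
        if entry is None:
            return None
        if self._clock() - entry[2] > self._idle:
            del self._by_session[sid]  # idle too long: drop it, user logs in again
            return None
        entry[2] = self._clock()
        return entry[0], entry[1]

    def logout(self, sid):
        self._by_session.pop(sid, None)
```

Nothing here is written to disk or to a database; once the entry expires or the user logs out, the only way to reach Exchange again is a fresh login.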
