Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsIT Pro and developersPassword in session?
possum888

24 posts

Geek
+1 received by user: 4

ID Verified

#86880 14-Jul-2011 22:05
Send private message

Here's the gist: currently my school iOS app has a webmail section, which uses a poorly designed web interface of Outlook Web Access. I'm attempting to build a native view that will connect to the Exchange server and get the emails, but here is where I'm worried.

Other sections of my app require to login via a login form. Your username is stored in the session, where the other functions (e.g Homework, Attendance, etc.) get their results from the main database based on the username in the session. However to connect to the Exchange server, you need a username AND password.

What would be the best way of getting the password? Is it safe to get the password when logging in, store it in the session, then reuse it for the email? Or would it be better to get the password from a database query where the username equals the one in the session? Or should I just simply make another login form? However I expect that might be slightly annoying...

If anyone has any insight, it would be greatly appreciated :)

Create new topic
jbard
1377 posts

Uber Geek
+1 received by user: 17


  #493534 14-Jul-2011 22:20
Send private message

To be storing passwords in SESSION or retrieving them from a database that means they must be stored in plain text which is terrible practice.

At the very least a MD5 hash should be used to store the passwords.

Apart from that their isn't much problem leaving them in session as this is all managed by the server. The only case i wouldn't do this is if you are using shared hosting as their security isn't always perfect and their is a chance someone else on the same server could access the information. If you have a dedicated server this isn't a problem.

Hope this helps :)



freitasm
BDFL - Memuneh
80653 posts

Uber Geek
+1 received by user: 41045

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #493540 14-Jul-2011 22:41
Send private message

If you have an Exchange Server why not just enabled ActiveSync and let iOS devices (and all others) use that secure protocol and their native email apps instead?





Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies 

 

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

 

possum888

24 posts

Geek
+1 received by user: 4

ID Verified

  #493544 14-Jul-2011 23:03
Send private message

@jbard

I'm connecting to the school's Exchange server, so there isn't any issue of shared hosting. I've got no idea about how the internal database structure works, but from the code I grabbed off Mr Wood, I can see that it sends a query to the LDAP server to check if the user exists. If yes, it sets the username session from the username field from the login form. I suppose I could just add a little bit to set the password if the user exists.

@freitasm

I would prefer to keep this 'in-app'. That way I can use a GA tracking script to gather statistics about the users of my app. I'm also finding this fun to build, and it'll hopefully keep me busy over the school holidays!

Create new topic








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.








RSS feeds
Main feed
Forums feed
Copyright
©2002-2026 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright