Geekzone: technology news, blogs, forums




22 posts

Geek
+1 received by user: 4


Topic # 86880 14-Jul-2011 22:05

Here's the gist: currently my school iOS app has a webmail section, which uses a poorly designed web interface of Outlook Web Access. I'm attempting to build a native view that will connect to the Exchange server and get the emails, but here is where I'm worried.

Other sections of my app require you to log in via a login form. Your username is stored in the session, where the other functions (e.g. Homework, Attendance, etc.) get their results from the main database based on the username in the session. However, to connect to the Exchange server, you need a username AND password.

What would be the best way of getting the password? Is it safe to get the password when logging in, store it in the session, then reuse it for the email? Or would it be better to get the password from a database query where the username equals the one in the session? Or should I just simply make another login form? However I expect that might be slightly annoying...

If anyone has any insight, it would be greatly appreciated :)

1362 posts

Uber Geek
+1 received by user: 15


  Reply # 493534 14-Jul-2011 22:20

To be storing passwords in SESSION or retrieving them from a database means they must be stored in plain text, which is terrible practice.

At the very least an MD5 hash should be used to store the passwords.

Apart from that there isn't much problem leaving them in session as this is all managed by the server. The only case I wouldn't do this is if you are using shared hosting as their security isn't always perfect and there is a chance someone else on the same server could access the information. If you have a dedicated server this isn't a problem.

Hope this helps :)
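
The trade-off discussed in the question and the reply above, as an added example that is not part of either post: a one-way hash in the database can confirm a login but cannot be handed to the mail server, so the password has to be captured at login and held in the server-side session if it is to be reused. The sketch uses salted PBKDF2 from the Python standard library rather than the MD5 mentioned in the reply; every name in it is hypothetical, and `mail_server_accepts` is only a stand-in for the Exchange login.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 200_000  # assumed work factor for this sketch


def make_record(password: str) -> dict:
    """What the user database keeps: a salt and a one-way hash, never the password."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "hash": digest}


def verify_login(record: dict, candidate: str) -> bool:
    """Re-derive the hash from the submitted password and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(), record["salt"], PBKDF2_ROUNDS)
    return hmac.compare_digest(digest, record["hash"])


def mail_server_accepts(real_password: str, presented: str) -> bool:
    """Stand-in for the mail server's check: it wants the password itself."""
    return hmac.compare_digest(real_password.encode(), presented.encode())


class ServerSession:
    """Server-side session: the password exists only here, only while logged in."""

    def __init__(self):
        self.data = {}

    def login(self, record: dict, username: str, password: str) -> bool:
        if not verify_login(record, password):
            return False
        self.data = {"username": username, "mail_password": password}
        return True

    def logout(self) -> None:
        self.data.clear()  # the credential is dropped together with the session


# Constructed sample data, not taken from the thread.
REAL = "correct horse battery staple"
RECORD = make_record(REAL)
```
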

BDFL - Memuneh
59999 posts

Uber Geek
+1 received by user: 11098

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 493540 14-Jul-2011 22:41

If you have an Exchange Server why not just enable ActiveSync and let iOS devices (and all others) use that secure protocol and their native email apps instead?





 
 
 
 




22 posts

Geek
+1 received by user: 4


  Reply # 493544 14-Jul-2011 23:03

@jbard

I'm connecting to the school's Exchange server, so there isn't any issue of shared hosting. I've got no idea about how the internal database structure works, but from the code I grabbed off Mr Wood, I can see that it sends a query to the LDAP server to check if the user exists. If yes, it sets the username session from the username field from the login form. I suppose I could just add a little bit to set the password if the user exists.

@freitasm

I would prefer to keep this 'in-app'. That way I can use a GA tracking script to gather statistics about the users of my app. I'm also finding this fun to build, and it'll hopefully keep me busy over the school holidays!
