Geekzone: technology news, blogs, forums


22 posts

Geek
+1 received by user: 4


Topic # 86880 14-Jul-2011 22:05

Here's the gist: currently my school iOS app has a webmail section, which uses a poorly designed web interface of Outlook Web Access. I'm attempting to build a native view that will connect to the Exchange server and get the emails, but here is where I'm worried.

Other sections of my app require you to log in via a login form. Your username is stored in the session, where the other functions (e.g. Homework, Attendance, etc.) get their results from the main database based on the username in the session. However, to connect to the Exchange server, you need a username AND password.

What would be the best way of getting the password? Is it safe to get the password when logging in, store it in the session, then reuse it for the email? Or would it be better to get the password from a database query where the username equals the one in the session? Or should I just simply make another login form? However, I expect that might be slightly annoying...

If anyone has any insight, it would be greatly appreciated :)

1366 posts

Uber Geek
+1 received by user: 15


  Reply # 493534 14-Jul-2011 22:20

Storing passwords in SESSION or retrieving them from a database means they must be stored in plain text, which is terrible practice.

At the very least an MD5 hash should be used to store the passwords.

Apart from that there isn't much problem leaving them in session as this is all managed by the server. The only case I wouldn't do this is if you are using shared hosting, as their security isn't always perfect and there is a chance someone else on the same server could access the information. If you have a dedicated server this isn't a problem.

Hope this helps :)

BDFL - Memuneh
61320 posts

Uber Geek
+1 received by user: 12063

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 493540 14-Jul-2011 22:41

If you have an Exchange Server why not just enable ActiveSync and let iOS devices (and all others) use that secure protocol and their native email apps instead?







22 posts

Geek
+1 received by user: 4


  Reply # 493544 14-Jul-2011 23:03

@jbard

I'm connecting to the school's Exchange server, so there isn't any issue of shared hosting. I've got no idea about how the internal database structure works, but from the code I grabbed off Mr Wood, I can see that it sends a query to the LDAP server to check if the user exists. If yes, it sets the username session from the username field from the login form. I suppose I could just add a little bit to set the password if the user exists.

@freitasm

I would prefer to keep this 'in-app'. That way I can use a GA tracking script to gather statistics about the users of my app. I'm also finding this fun to build, and it'll hopefully keep me busy over the school holidays!
