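I need to implement offline login in my application. Currently I store the password in the keychain, and it is used once the app has already logged in at least once while online. But right now I am not checking the username/password combination. If a single device has multiple users, storing only the password is not enough. So can any of you suggest something that can be done without a security vulnerability?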
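Answer 0 (score: 1)
I suggest you store the password with the login as the key. Something like: acccount_test@test.com / password.
You can encode the password as its md5 value for more security.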
Answer 1 (score: 0)
You can use NSURLCredential, as described in this link.
Store:
NSURLCredential *credential;
credential = [NSURLCredential credentialWithUser:username password:password persistence:NSURLCredentialPersistencePermanent];
[[NSURLCredentialStorage sharedCredentialStorage] setCredential:credential forProtectionSpace:self.loginProtectionSpace];
Get the stored data:
NSURLCredential *credential;
NSDictionary *credentials;
credentials = [[NSURLCredentialStorage sharedCredentialStorage] credentialsForProtectionSpace:self.loginProtectionSpace];
credential = [credentials.objectEnumerator nextObject];
NSLog(@"User %@ already connected with password %@", credential.user, credential.password);
Answer 2 (score: 0)
You can save it in the device Keychain, which is designed to hold sensitive information. Download the wrapper from this Ray Wenderlich tutorial and use sha512 to encrypt the password:
#import "KeychainWrapper.h"
#include <CommonCrypto/CommonDigest.h>

- (void)createSHA512andSaveToKeychain:(NSString *)unencryptedPasswd {
    // Hash the UTF-8 bytes of the password; the byte count can differ from the character count
    NSData *passwordData = [unencryptedPasswd dataUsingEncoding:NSUTF8StringEncoding];
    uint8_t digest[CC_SHA512_DIGEST_LENGTH];
    CC_SHA512(passwordData.bytes, (CC_LONG)passwordData.length, digest);
    // Hex-encode the digest
    NSMutableString *encryptedPasswd = [NSMutableString stringWithCapacity:CC_SHA512_DIGEST_LENGTH * 2];
    for (int i = 0; i < CC_SHA512_DIGEST_LENGTH; i++) {
        [encryptedPasswd appendFormat:@"%02x", digest[i]];
    }
    // Save the password in the device keychain
    KeychainWrapper *keychainWrapper = [[KeychainWrapper alloc] init];
    [keychainWrapper mySetObject:encryptedPasswd forKey:(__bridge id)kSecValueData];
    [keychainWrapper writeToKeychain];
}
To retrieve the password:
// Retrieve the pwd from the device keychain
KeychainWrapper *keychainWrapper = [[KeychainWrapper alloc] init];
NSString *pwd = [keychainWrapper myObjectForKey:@"v_Data"];