iPhone - Web Access Authentication

Posted by Terry on Stack Overflow See other posts from Stack Overflow or by Terry
Published on 2010-03-14T05:39:07Z Indexed on 2010/03/14 5:45 UTC
Read the original article Hit count: 535

Filed under:

iphone

|

password

|

app

|

authentication

|

uniqueidentifier

I am building a secure app for our exec's... here is my setup. It's a somewhat Macgyver approach, but bear with me :)

There are only 10 users, I have a record of each uniqueIdentifier on my backend in a database table. (This is internal only for our users, so I don't believe I am breaking the public user registration rule mentioned in the API docs)
Through adhoc distribution I install my app on all 10 devices
My app is simply composed of a UIWebView.
When the app starts it does a POST to our https site sending the uniqueIdentifier. (Thanks to this answer)
The server page that recieves the POST, checks the uniqueIdentifier and if found sets a session cookie that automatically logs them into the site.
This way the user doesn't have to enter in their credentials every time.

So what do you think, is there a security hole with this?

Thanks

© Stack Overflow or respective owner

Related posts about iphone

iphone - direct link to iPhone review form from inside iphone

as seen on Stack Overflow - Search for 'Stack Overflow'
I am trying to link directly to the review link of one of my Apps. I know that it is possible because Appirater did it in the past, but some change in iTunes turned the API down. Appirater uses this URL NSString *templateReviewURL = @"itms-apps://itunes.apple.com/WebObjects/MZStore.woa/wa/viewContentsUserReviews… >>> More
Buy iPhone 4 Without Contract: $599 (AT&T) and $699 (Verizon)

as seen on Tech Dreams - Search for 'Tech Dreams'
Purchasing iPhone without a contract is a good option when you are planning to gift it to someone or going to use it outside US. Both AT&T and Verizon lets you iPhone 4 without a contract but this information is buried deep under blurred text in FAQs and agreements. Here is the pricing… >>> More
Is it possible to download and run IPhone apps on an IPhone emulator

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I am tasked to provide an IPhone client app for our SaaS website. I have never written an IPhone application, nor do I have an IPhone at the moment. Before I can decide whether or not I want to do this myself or outsource this, I'd like to try a few apps myself to get a feeling for the UI. Is… >>> More
iPhone web app from dashcode rss feed template works deployed on simulator but not on iphone

as seen on Stack Overflow - Search for 'Stack Overflow'
iPhone web app from dashcode rss feed template works deployed on simulator but not on iphone. The web app is deployed at; http://www.alila.se/wordpress/index.html If i run the simulator and enter that adress, it fetches the rss feed and displays it. Everything fine. When i enter the adress into… >>> More
Problem running iPhone application on iPhone from Xcode (and in Instruments)

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi I have a problem running one application on the iPhone from Xcode (or Instruments). When I try to run the app I get the error message Failed to upload XXX.app in the bottom left corner of Xcode. The strange thing is it actually uploaded the app to the iPhone but it doesn't start it (after this… >>> More

Related posts about password

remember password is not filling the password field automatically

as seen on Stack Overflow - Search for 'Stack Overflow'
IE is not filling the password field automatically when i click on the bookmarked url. But it's working on firefix,chrome etc. I tried with autocomplete="on" but no use. IE will fill the password only When i select a usename from the possible user names which the browser had kept for each login.… >>> More
Lost shell password: change user password from root

as seen on Super User - Search for 'Super User'
Hi. I recently accidentally forgot my user password to my shell. I know the root password. How do I change the user password? I figure it's something like $su root $passwd -[something] username but I can't get it to work. Halp pls? >>> More
[GEEK SCHOOL] Network Security 1: Securing User Accounts and Passwords in Windows

as seen on How to geek - Search for 'How to geek'
This How-To Geek School class is intended for people who want to learn more about security when using Windows operating systems. You will learn many principles that will help you have a more secure computing experience and will get the chance to use all the important security tools and features that… >>> More
Membership Generate Password alphanumeric only password?

as seen on Stack Overflow - Search for 'Stack Overflow'
How can I use Membership.GeneratePassword to return a password that ONLY contains alpha or numeric characters? The default method will only guarantee a minimum and not a maximum number of non alphanumeric passwords. I have the solution already but thought I'd share for future visitors. .. Answer… >>> More
Password Recovery without sending password via email

as seen on Stack Overflow - Search for 'Stack Overflow'
So, I've been playing with asp:PasswordRecovery and discovered I really don't like it, for several reasons: 1) Alice's password can be reset even without having access to Alice's email. A security question for password resets mitigates this, but does not really satisfy me. 2) Alice's new password… >>> More