Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I have an iOS app that connects to a server periodically looking for data updates. The connection uses SSL and HTTPBasicAuthentication.
What is the best way to include my servers logon credentials with the app? From my understanding, a jailbroken iPhone could read my build files and easily see the username and password to log into my server.
Thanks,
Mike
There is no way to secure this totally. The best you can do is to obscure it somewhat (perhaps an encrypted file that you decrypt in the app) and then monitor the server for what looks like traffic not from the app.
If you wanted to be sneaky encrypt the authentication data and then use some kind of stenography – embed the credentials in an image, or even as raw data in a file that looks like something else (like an SSH key).
But a jailbroken developer will always be able to hook into your application to see the results of parsing that out, or possibly run an SSH proxy to simply monitor everything you are sending.