Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
In my application, once the user is authenticated, he receives a sort of security key that needs to be stored for his session on the iPhone/iPad. This security key is used for all his future requests during the session.
How safe is it if i were to store the key in some global variable once I get it? Can it be accessed if the iPhone is jailbroken? If so, what would be a safe place to keep the session key?
Thanks,
Hetal
Who are you worried is going to steal the code? The user or another malicious program? If its the user, and the code is very valuable you have to assume that anyone with physical access to the device could, in theory, break it. But as a practical matter you are pretty safe. You could encrypt the code while it’s in memory and only decrypt it as you use it.
Again, as a practical matter, web-apps do this all the time via cookies. If the code is only valid for a single session you are probably safe if it is compromised. You might want to consider the code ‘safe’ while it is in memory, but put in other protection to detect when and if it does get stolen. i.e. have the code only be valid for 10 minutes and then has to be refreshed, only valid from one IP or limits on the number of transactions etc. Depending on what your application needs are.