iPhone - Web Access Authentication

Posted by Terry on Stack Overflow See other posts from Stack Overflow or by Terry
Published on 2010-03-14T05:39:07Z Indexed on 2010/03/14 5:45 UTC
Read the original article Hit count: 568

I am building a secure app for our exec's... here is my setup. It's a somewhat Macgyver approach, but bear with me :)

  1. There are only 10 users, I have a record of each uniqueIdentifier on my backend in a database table. (This is internal only for our users, so I don't believe I am breaking the public user registration rule mentioned in the API docs)
  2. Through adhoc distribution I install my app on all 10 devices
  3. My app is simply composed of a UIWebView.
  4. When the app starts it does a POST to our https site sending the uniqueIdentifier. (Thanks to this answer)
  5. The server page that recieves the POST, checks the uniqueIdentifier and if found sets a session cookie that automatically logs them into the site.
  6. This way the user doesn't have to enter in their credentials every time.

So what do you think, is there a security hole with this?

Thanks

© Stack Overflow or respective owner

Related posts about iphone

Related posts about password