iPhone - Web Access Authentication
- by Terry
I am building a secure app for our execs... here is my setup. It's a somewhat MacGyver approach, but bear with me :)
There are only 10 users, and I have a record of each uniqueIdentifier on my backend in a database table. (This is internal only for our users, so I don't believe I am breaking the public user registration rule mentioned in the API docs.)
Through ad hoc distribution I install my app on all 10 devices.
My app is simply composed of a UIWebView.
When the app starts it does a POST to our https site sending the uniqueIdentifier. (Thanks to this answer)
The server page that receives the POST checks the uniqueIdentifier and, if found, sets a session cookie that automatically logs them into the site.
This way the user doesn't have to enter in their credentials every time.
So what do you think, is there a security hole with this?
Thanks
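The server-side step described in the post, sketched as an added example (not code from the original post): the posted `uniqueIdentifier` is checked against the registered table and, on a match, a random session token is issued in a cookie marked Secure and HttpOnly. The function names, the in-memory stores and the sample identifiers are assumptions made for illustration.

```python
import hmac
import secrets
from http.cookies import SimpleCookie

# Constructed sample identifiers standing in for the registered devices.
REGISTERED = {
    "0123456789abcdef0123456789abcdef01234567": "exec01",
    "89abcdef0123456789abcdef0123456789abcdef": "exec02",
}
SESSIONS = {}  # session token -> user; in-memory stand-in for a session store


def lookup_user(identifier):
    """Return the user for a registered identifier, else None.

    Every entry is compared with hmac.compare_digest so response timing
    does not depend on how much of a submitted value matched.
    """
    found = None
    for known, user in REGISTERED.items():
        if hmac.compare_digest(known.encode(), identifier.encode()):
            found = user
    return found


def handle_login(form):
    """Process the app's POST body (a dict); return (status, headers)."""
    user = lookup_user(form.get("uniqueIdentifier", ""))
    if user is None:
        return 403, {}
    # The session token is random and unrelated to the device identifier,
    # so the cookie never carries the identifier itself.
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = user
    cookie = SimpleCookie()
    cookie["session"] = token
    cookie["session"]["secure"] = True    # only sent over https
    cookie["session"]["httponly"] = True  # not readable from page script
    cookie["session"]["path"] = "/"
    return 200, {"Set-Cookie": cookie["session"].OutputString()}
```
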