bob wrote:
>
> The problems with the code appear to be twofold:
>
> 1.  The comparison of the username and password is case-sensitive, which 
> it probably shouldn't be (*maybe* for password, probably not for username)
>

That's not true. Usernames are often and commonly case sensitive.
Passwords most certainly should be case sensitive! Ignore this advice.

It's up to the application whether usernames or passwords should be case
sensitive, though it is often to be preferred. You can't tell the OP that
this is a problem because obviously it conforms to their requirement.

> 2.  The passwords are stored insecurely in the database, whereas an MD5
> hash would be preferred.

You speak of security after recommending case-insensitive passwords? Make 
up your mind!

Insecure storage might suffice on device. Physical security of the device 
is far more an issue.

Even if the passwords were stored by your standard of "security", having
the device in your hand means you have access to the functionality
protected by the password.

How much hashing the password will help is debatable. Probably still a
good idea, but hardly a major problem with the OP's code at this stage.

-- 

Lew

