Hi, I am working on a mobile app for iPhone and Android. I need to be able to let users log in with username/password. I am using https. I want to prevent jail-breaking on the mobile device. I want to store the username/password on the mobile device. The mobile app will talk to a stateless REST service built in Java.Jersey on the back-end for authentication and data related calls.
I looked at Digest authentication but I am already using https. I looked at using a shared secret or nonce (1 time token) but I am not sure how to proceed with that. I do need the username/password encrypted on the mobile device and sent to the REST service which needs to be able to decrypt it. But this shared secret should be different across each mobile device. Can this prevent jail-breaking? Do I have to do a 401 return with www-authenticate like in digest authentication to get the shared secret/nonce the 1st time round and store it locally too on the mobile device? Can you please suggest some ways to do this?

TIA,
Vijay
