It's a good (enough) way. If you control both ends (sounds like you do), why not hash (AND SALT!!!!) the password before you send it? Then you are not sending a plaintext (even encrypted via HTTPS) password over the air at all.

Otherwise, you could check the HTTPS certificate to see if it's your one, and make sure you don't do the "accept any certificate as long as it's valid" thing (which I do at the moment, but I'm going to turn off in the next release).

Also, look at storing the UN/PW in the Keychain if you have to. Or, if you are passing hashed passwords around, just store the hash!!

Just remember: unless you work for LinkedIn, Last.FM, e-harmony, and anyone else who's been hacked in the past week, always hash AND SALT your passwords.

Better yet, Sebastien might be able to recommend a way in .NET to do bcrypt, which is an even better hash system, as it takes more time to process them (not enough for a single attempt to notice, but a hacker can't do 10,000,000 per second like they can do with MD5).

On Tue, Jun 12, 2012 at 8:47 AM, MojoDK <[email protected]> wrote:
> Hi,
>
> (I'm a novice with this, please bear with me :)
>
> I want to connect to a MVC4 webapi from my iOS App.
>
> So first I need to login, sending a username and password.
>
> If I do this in an "https" call, will this be safe enough? I don't want any
> network sniffers out there sniffing passwords.
>
> I thought of doing something like:
>
> https://www.mysite.com/account/logon?username=blabla&password=blabla
>
> Is there a better (safer) way?
>
> Thanks!!!
> Mojo
>
> --
> View this message in context:
> http://monotouch.2284126.n4.nabble.com/Secure-json-tp4655312.html
> Sent from the MonoTouch mailing list archive at Nabble.com.
> _______________________________________________
> MonoTouch mailing list
> [email protected]
> http://lists.ximian.com/mailman/listinfo/monotouch

--
Nic Wise
