I am generating a random strong password for every user and want the user to use the same password for accessing the application, since the password is going to be hard to remember I wish to store the same in the keychain so it is easy to access.
Of course you can, you must be looking for nativescript-secure-storage plugin.
tns plugin add nativescript-secure-storage
Related
I would like to store one user preference per iOS and android device in a database.
Ideally it would be per user but as I don't want to maintain a login system. I want to do it this way.
How can I do this?
Note first that you can use the anonymous user system to create users for you and you could look at using that. You could also create a real user with randomly generated (UUID) username and password which are then stored in the keychain.
Alternatively, use the installation which is created for each device.
My application name is "Secret Photos". In my application I need store the photos secretly. I have done this part. Now I need to authenticate the user to view the photos. First time while opening the app I will get the password from the user. Now where can I save this password ?
In Library/Containers Folder or in Keychain ? If I store this password in Containers folder anyone can easily view my password.
I have seen similar applications in app store. I can't able to find where those applications are saving their passwords. I have fully checked the containers folder. They are not storing the passwords containers folder. Where those applications are saving their passwords ?
EDIT 1:
If I save passwords in Keychain means users can able to see the password(If they know the mac password). Moreover If the user launches the app it prompts for "Secret Photos wants to access your confidential information .... " I don't want this kind of message. I have seen apps that is storing the passwords somewhere else not in containers folder and in keychain.
You can see this app. This is a free app.
https://itunes.apple.com/us/app/secret-files-x/id740356582?mt=12
Keychain is the best place to store passwords. That way a user can sync it to iCloud and between Macs. He also can look it up in the keychain if he has forgotten the password. The documentation by Apple explains a lot more on using it: Apple documentation
As in, when I install an add-on, and Firefox restarts, it should accept a password (only the first time when installing). And when the user wants to disable or remove the add-on, it will only comply upon entering the same password? In which part would the code be kept?
You cannot. Even if you disable add-on uninstall - the user can always close the browser and remove the extension manually (removing the directory on disk will do).
That said, the secure way of storing passwords is the login manager. They will be stored encrypted on disk if the user defines a master password. Of course, the user himself can always see the stored passwords (under Options / Security / Saved Passwords). So you probably want to store a salted hash of the password rather than the password itself.
You can also use AddonManager.addAddonListener() to get notified whenever an add-on is being disabled or uninstalled. You can cancel the action by calling addon.cancelUninstall() or setting addon.userDisabled = false.
The above is merely for reference - it won't really help you achieve your goal.
I have an command line application (not rails) that needs the user to provide their username and password for the website the cli accesses.
I don't want to make the user enter their details for each and every command they execute.
How do I store the details without compromising security and storing the details without encryption? If I encrypt the password, where should I store the pass key so it is still secure?
I imagine an implementation similar to the way the Heroku gem works would be good.
UPDATE:
So I have gone ahead and implemented this in my application, but something doesn't feel quite right about the solution yet.
Prior to accessing the website for the first time, the user is prompted to enter their username and password. Following successful login, the user is asked whether to store the details for later. If yes, the password is encrypted using a key - however, as this is a ruby gem, the key is stored in the application in plain text.
Is there another way to do this. The file containing the username/password is now secure BUT the key to unlock it is stored in the application code.
On the update: no. If you need access to the plain text password, you can only obfuscate the password. You cannot safely store it. The key needs to be in plain, or the key that encrypts that key needs to be in plain, ad infinity. Can't be done.
I have an app which asks the user for a username and password which I want to be saved (so the user doesn't have to reenter his data on every launch).
Of course I need to acces the username and password on the next application start. Can you tell me how to do it?
One more thing: the username (and pw) is saved in the AppDelegate but I need it in a different class later..
The proper place to keep a username/password is in the keychain. It's made easier with open source wrappers such as SSKeychain.
The way I suspect you want to do it is with NSUserDefaults, which you can read about in the Preferences and Settings User Guide.
Either way you can get at the information quite easily from elsewhere in your application.
But you really should do it the first way.
Give it a try and come back and ask a more specific question if you can't get it to work.