I am writing an iPhone app which will start by asking the user to register with a login/passwd. These should be:

  1. Saved securely locally
  2. Sent securely to a remote web-server

What do I need to achieve the above? Say, for local storage, shall I save them in a file or database? Shall I encrypt it? For sending it over, is HTTPS sufficient?

A: 

Whether you save them in a flat file or a database doesn't really matter security-wise. What's important is how you secure the data - in any case you should encrypt the data with an encryption scheme that is strong enough for the type of data you are protecting.

If you only protect trivial things like for instance a high score in a game, then a less strong encryption would probably be good enough. However, if you are providing access to more sensitive data, e.g. personal information, then you should select a stronger encryption scheme.

Regarding HTTPS, it will only be able to help you out with the transfer of the data across the internet. It will most likely be good enough for your purpose since it is good enough for applications like online banking, etc.

Claus Broch
Thanks Claus. Do iPhone OS 3 APIs provide any mechanism for encryption? If not, any third-party implementations you may be aware of?
@amarsh-anand: You can use the built-in Security.framework or you can use OpenSSL (see http://stackoverflow.com/questions/2520946/ws-security-on-iphone-is-it-possible/2523358#2523358)
Claus Broch
A: 

See this question for storing sensitive data in the iPhone keychain.

JeremyP