I think you shouldn't use the phone identifier alone to authenticate, as it is not a secret and it is probably also guessable/predictable. Don't forget that if someone wanted to hack your web app they don't have to use your code - they can just guess device IDs and try to mess with your users' data using any web client.

You should treat the device ID similar to a username - it is for identification and not authentication. I suggest you get the user to pick a password, or even better generate a random code automatically, to go with it - then send the device ID + this password/code to register the device firstly, and then subsequently to authenticate the device.

You can also bet that some users will have more than one device - either they will replace one eventually, or you will get somebody like Stephen Fry who goes around with 4 iPhones. To deal with this I would suggest that you look for a way to instantiate restful_authentication twice, once for authenticating users, and a second time for authenticating devices. I haven't used this plugin but I expect you just need to use different table parameters to make this happen. Then in your application logic allow users to associate more than one device with their account.

To do that securely, either do it from the device, or have the device display a random code which they then enter into the web app to prove they own the device (this sounds more painful than it is - it is the same process that Apple use in iTunes, Apple TV, and the Remote app - look at how they do it - so it won't be that surprising for users).

(Also make sure that when generating any random passwords you use a cryptographic random number generator as the basis - there is probably an iPhone API for this - otherwise your passwords may be predictable.)
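The scheme described in the answer above, as an added Ruby sketch that is not part of the original answer and does not use restful_authentication: the device ID only selects a record, a CSPRNG-generated secret authenticates it, and a displayed one-time code links the device to a user account. `DeviceRegistry`, its method names, the in-memory hashes and the 300-second code lifetime are all assumptions made for illustration.

```ruby
require 'securerandom'
require 'digest'
# In-memory stand-in for a devices table (hypothetical names throughout).
class DeviceRegistry
  PAIRING_TTL = 300 # seconds a displayed code stays valid (assumed value)
  def initialize
    @devices = {}  # device_id => { digest:, user: }
    @pairings = {} # code => { device_id:, expires_at: }
  end

  # Registration: issue a secret from a CSPRNG and keep only its digest.
  def register(device_id)
    return nil if @devices.key?(device_id)
    secret = SecureRandom.hex(32)
    @devices[device_id] = { digest: Digest::SHA256.hexdigest(secret), user: nil }
    secret
  end

  # The device ID only selects the record; the secret is what authenticates.
  def authenticate(device_id, secret)
    record = @devices[device_id]
    !record.nil? && constant_time_eq?(record[:digest], Digest::SHA256.hexdigest(secret.to_s))
  end

  # An authenticated device requests a code to show on its screen.
  def start_pairing(device_id, secret, now: Time.now)
    return nil unless authenticate(device_id, secret)
    code = format('%06d', SecureRandom.random_number(1_000_000))
    @pairings[code] = { device_id: device_id, expires_at: now + PAIRING_TTL }
    code
  end

  # A logged-in user enters the code in the web app; codes are single-use.
  def complete_pairing(user, code, now: Time.now)
    pairing = @pairings.delete(code)
    return false if pairing.nil? || now > pairing[:expires_at]
    @devices[pairing[:device_id]][:user] = user
    true
  end

  def devices_for(user)
    @devices.select { |_, r| r[:user] == user }.keys.sort
  end

  private
  def constant_time_eq?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

A 6-digit code is short enough that a real deployment would also cap failed pairing attempts per account.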