Best way of storing password locally for app login autofill

Anything beyond the basics in using the LiveCode language. Share your handlers, functions and magic here.

Moderators: FourthWorld, heatherlaine, Klaus, kevinmiller, robinmiller

Post Reply
SWEdeAndy
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 257
Joined: Sat Aug 16, 2008 9:48 am
Location: Stockholm, Sweden
Contact:

Best way of storing password locally for app login autofill

Post by SWEdeAndy » Sun Sep 03, 2017 8:43 pm

Hello! I’ve been trying to find a hint on this in the forum and by general googling, but don’t seem to find any related discussion.

I develop an app where users are supposed to log in with username and password. (The app connects to a MySQL database via php, and this all works fine.)

Now, I want to service the users by letting the app remember their login data, so that the username and password fields are auto-filled at startup (if the user wants that), just like most web browsers do. So, I have to store the login data locally, in a prefs file or something, to be accessed by the app at startup.

Then, what is the best/most secure way to do that?
1) The data should obviously be encrypted - are built-in LC functions for that enough? Which method would you recommend?
2) The actual file - where would you save it and which format is suitable? Binfile?

Or are there totally different solutions to all this that I’ve completely missed?

Any hint or help would be much appreciated.

The app would run on all platforms (except HTML5), so the solution should ideally work for all.

Thanks
Andreas
Andreas Bergendal
Independent app and system developer
WhenInSpace: https://wheninspace.se

jacque
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 7214
Joined: Sat Apr 08, 2006 8:31 pm
Location: Minneapolis MN
Contact:

Re: Best way of storing password locally for app login autof

Post by jacque » Mon Sep 04, 2017 10:19 pm

One way would be to encrypt the password using LC's "encrypt" command and store it as a custom property of a preferences stack. When you create the prefs stack, set a random password on it which will encrypt the stack itself and gives you a sort of double-encryption. You don't need to store the stack password because your app can read the custom properties without decrypting the stack. When your app retrieves a user password, your script can decrypt it.

You will need a password to encrypt/decrypt the user passwords. You can hard-code the encryption password into the mainstack and set a password on the mainstack in the standalone settings so nosy people can't see it. Once in a fit of overkill, I encrypted with a password that was actually part of the mainstack. It could be the name of a particular control, or the third word in the script of some object, or a word in some static field text, or anything else you know will never change. That was probably unnecessary, since if anyone can get into the scripts they can figure out where the encryption password is. But I was feeling adventurous and it did work.

The main thing is to set a password on both the mainstack and the prefs stack. LC's stack encryption is pretty good, though nothing of course is unbreakable.
Jacqueline Landman Gay | jacque at hyperactivesw dot com
HyperActive Software | http://www.hyperactivesw.com

SWEdeAndy
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 257
Joined: Sat Aug 16, 2008 9:48 am
Location: Stockholm, Sweden
Contact:

Re: Best way of storing password locally for app login autof

Post by SWEdeAndy » Wed Sep 06, 2017 8:31 am

Thanks a lot Jacqueline, this is a very interesting and useful idea. I'll try it out.
/Andreas
Andreas Bergendal
Independent app and system developer
WhenInSpace: https://wheninspace.se

Post Reply

Return to “Talking LiveCode”