 

Best practices for account registration/signing up/authenticating in mobile app [closed]

I'm writing a mobile application. I also have a web server that handles HTTP requests to start user registration and adds the user/password to the database. But I do not want to send the user's password as a parameter of a POST request because of security. Now on my local machine it works perfectly, but on the internet it would be insecure. Also it is easy to DDoS this web server.

So my questions are:

  1. How can I organize the sign-up process in an Android app?
  2. How does a mobile application usually handle the registration process?
  3. How can I securely send the user's password?
  4. How can I securely store the user's password in a mobile application, especially inside an Android application?
c0rp asked Mar 18 '14 17:03



People also ask

How do apps authenticate users?

So the app initially posts the username/password (over ssl) and the server returns a token that the app stores. For subsequent sync attempts the token is sent first, the server checks it is valid, and then allows other data to be posted.


1 Answer

1- The best way to use account registration is using the Account Manager.

2- Usually you have some token to keep the user logged in, and when the user accesses it you renew it.

3- Use https

4- You don't; use tokens.

There is a great tutorial that you can follow: http://blog.udinic.com/2013/04/24/write-your-own-android-authenticator/

Scoup answered Sep 28 '22 20:09

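The token flow from the answer above (password sent once over HTTPS, then a renewable token kept by the app instead of the password), sketched server-side as an added example that is not code from the answer or its linked tutorial. The function names, in-memory stores, `TOKEN_TTL` and the PBKDF2 work factor are assumptions; HTTPS termination is left to the web server.

```python
import hashlib, hmac, secrets, time

TOKEN_TTL = 3600          # assumed token lifetime in seconds
PBKDF2_ROUNDS = 600_000   # assumed work factor for PBKDF2-HMAC-SHA256
users = {}                # username -> (salt, password hash); stands in for the database
tokens = {}               # sha256(token) -> (username, expiry); raw tokens are never stored

def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def _token_key(token):
    return hashlib.sha256(token.encode()).digest()

def register(username, password):
    """Store a salted, slow hash of the password, never the password itself."""
    if username in users:
        return False
    salt = secrets.token_bytes(16)
    users[username] = (salt, _hash_password(password, salt))
    return True

def login(username, password, now=None):
    """Check the password once and hand back a random token for the app to keep."""
    now = time.time() if now is None else now
    # Unknown users still cost one hash, so response time does not reveal them.
    salt, stored = users.get(username, (b"\x00" * 16, b""))
    if not hmac.compare_digest(_hash_password(password, salt), stored):
        return None
    token = secrets.token_urlsafe(32)
    tokens[_token_key(token)] = (username, now + TOKEN_TTL)
    return token

def authenticate(token, now=None):
    """Validate a token sent with a later request and renew it on use."""
    now = time.time() if now is None else now
    key = _token_key(token)
    entry = tokens.get(key)
    if entry is None:
        return None
    username, expiry = entry
    if now >= expiry:
        del tokens[key]   # expired: the app has to log in again
        return None
    tokens[key] = (username, now + TOKEN_TTL)
    return username

def logout(token):
    """Revoke a token, e.g. when the user signs out or the device is lost."""
    tokens.pop(_token_key(token), None)
```

On the device only the returned token is kept (for example through the Account Manager the answer mentions), so a stolen token can be revoked with `logout` without changing the password.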