I want clients to be able to login into their account from an iOS application. Is there a good way on doing this in a secure way? Sure I'd submit the password as a hashed value, but wouldn't there still be the possibility of someone to spoof m开发者_开发百科y clients credentials?
The only credentials provided by the client are an email address and a password. A secret key would be possible, but that wouldn't be too secure as I'd have to hardcode this key into every delivered copy of the application and someone could possibly decompile and see the secret.
Thanks for your help.
Use SSL/TLS and hardcode the public key(or at least the fingerprint) of the server in your client. That way you can check if the server is the correct server.
And since you use asymmetric cryptography you don't need to embed the private key of the server into the client.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论