Is it Safe/Good practice to save global values in NSUserDefaults?

1. I am makin开发者_如何转开发g an IPhone app in which userid and password is required in all the screens to make requests to the server, and I am thinking of saving those 2 values in NSUserDefault instead of passing an object around.

2. I am also thinking it will be useful if user has logged in once, and use the app again then user don't have to enter his/her details again.

But I am curious if it will be safe/good practice to use for first requirement?

---

I don't have anything against save these data on the user defaults. What I don't get is the idea to expose the user credentials on each request.

I would suggest you to ask for the credentials once, authenticate with your server and return a "session token". save this token and use it to validate the user on each request. (it means that you will save the token on you server or you will check the token using an algorithm)

Doing this you don't expose the user credentials all the time, you have control over the session, and you can expire it when you want, forcing the user to logging again.

For more complex implementations, you could Google for OAuth or XAuth and some related methods of authentication.

Cheers, vfn

---

It's reasonable to save global values in NSUserDefault that you want to survive your app being killed and restarted (as can happen under iOS4.0).

Passwords should be saved in memory (maybe a singleton model object), or in the keychain, as various iTunes backup databases might expose stuff stored in user defaults.