Is it safe to use the "username" and "password" property of ASIHTTPRequest?
In my iPhone project, I was told to use the username and password property of ASIHTTPRequest to communicate with the server. But the truth is I don't have a very clear picture on how this authentication process really works in some real cyber security cases.
One spec开发者_StackOverflow社区ific question: do I need to encrypt the password before handing it to the ASIHTTPRequest instance, or, I can just give it the plain version?
One general question: let's say I was a bad guy and I want to do something bad to other iPhone users, maybe eavesdropping on their iPhone activities or do something funny to the wireless routers that they're accessing via WiFi. Among all those tricks that I should try, what are the easiest ones, and what are the most dangerous ones?
Thanks in advance.
ASIHTTPRequest, like the browser you're using right now, uses Basic Access Authentication. The main security downside of that scheme is that it assumes the underlying server connection is secure. If you don't connect over SSL, the password is transmitted in plaintext.
So don't do that.
精彩评论