科技回声

"Also, we encrypt user passwords on our servers and we never return a password in the result of any query."<p>Queue a link to _that_ bcrypt article...<p>I wonder if they've got a reason not to only store a hash? And if so, I wonder if they've got infrastructure secure enough to store your users passwords in an apparently retrievable form?<p>(I quite like Mozilla.org's guideline of storing the hashes in he database and the salts in the filesystem, to help ameliorate the consequences of an SQL injection attack...)

A question I'm struggling with at the moment for my own project, is whether allowing the password to pass through the hands of a third party developer is even wise?

1. Should you even bother using this if you can't implement NSURLConnection based authentication. No. 2. The point of this is lost on me. Why would I use this?

Seems in part very similar to parse.com

A question I'm struggling with at the moment for my own project, is whether allowing the password to pass through the hands of a third party developer is even wise?

1. Should you even bother using this if you can't implement NSURLConnection based authentication. No. 2. The point of this is lost on me. Why would I use this?

Seems in part very similar to parse.com

Easy User Authentication For Mobile Developers

4 条评论

Easy User Authentication For Mobile Developers

4 条评论