• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Creating a Login System

 
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'm trying to create a login system for an Android app, looking for the best way to do this. Very new to Android development so struggling a bit to get my head around this.


App Background:

The app is to be used for small businesses, so:

- An admin will create the user accounts via the web for each user in their company. Users are given their login details (so there is no need for registration within the app).

- App will behave differently depending on the company they are in, so will need to read custom fields from a database.

- Preferably, users will only need to login once. So some kind of authorization token is saved to phone?

- I don't really want the login system to use any third party login (Google, Facebook etc.).

---

Currently, what i've done is, send email / password (encrypted) from a login form on the app as a http request within a url query string. I've then got a php page that will use email / password as a sql statement to see if the user exists and returns any user data back to the app.

I believe this will work, but not sure that it is a secure way of doing it? If anyone knows of better ways it is really appreciated!


Thanks
Nick
 
Rancher
Posts: 43081
77
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Credentials should never be sent a spart of the query string, since those end up in lots of places where you don't want credential stored (browser histories, log files, web caches, etc.). You should make that a POST that goes over HTTPS.
 
Nick Patrick
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Ulf Dittmer wrote:Credentials should never be sent a spart of the query string, since those end up in lots of places where you don't want credential stored (browser histories, log files, web caches, etc.). You should make that a POST that goes over HTTPS.



Heh, yeah.. never thought about that.

Great, thanks.. will look into this.
 
reply
    Bookmark Topic Watch Topic
  • New Topic