
Protecting Credentials from mobile application

 
Prashanth Nair
Greenhorn
Posts: 21
Hi,

We have a service-oriented middle-layer servlet which would respond to the requests from a mobile device. The servlet will handle the business logic and will return a view object like JSON or XML to the device. We have a scenario where the user passes in his username & password for the initial login. Do you have a solution to encrypt these credentials when they are read in the request parameter, so that the developer won't be able to see them or print them to the logs?

Thanks
Prashanth
 
Sagar Rohankar
Ranch Hand
Posts: 2907
If you're passing credentials, pass them over an SSL channel.

If you're looking for a more secure and _standard_ solution and do not want the user to pass his/her credentials from the mobile app, there is a very well-known protocol: OAuth 2 (http://oauth.net/), which is a perfect fit for such a requirement.
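An added example, not part of the thread or anyone's posted code: one way to cover both points above on the servlet side, by refusing credentials that did not arrive over TLS and by giving developers a log-safe view of the request instead of the raw parameters. The class name `LoginRequestLogGuard` and the parameter names in `SENSITIVE` are assumptions; the two arguments stand in for `HttpServletRequest.isSecure()` and `HttpServletRequest.getParameterMap()`.

```java
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.StringJoiner;

/** Hypothetical helper: builds a log-safe summary of a login request. */
public class LoginRequestLogGuard {

    // Assumed parameter names; adjust to what the mobile client actually sends.
    private static final Set<String> SENSITIVE = Set.of("password", "passwd", "pwd", "token");

    private static boolean isSensitive(String name) {
        return SENSITIVE.contains(name.toLowerCase(Locale.ROOT));
    }

    /**
     * @param secure value of HttpServletRequest.isSecure()
     * @param params value of HttpServletRequest.getParameterMap()
     * @return a string that can be logged; sensitive values are never included
     * @throws IllegalStateException if credentials arrived over plain HTTP
     */
    public static String describe(boolean secure, Map<String, String[]> params) {
        if (!secure && params.keySet().stream().anyMatch(LoginRequestLogGuard::isSensitive)) {
            // Refuse to process credentials that were sent without TLS.
            throw new IllegalStateException("credentials received over a non-TLS channel");
        }
        StringJoiner out = new StringJoiner(", ", "{", "}");
        for (Map.Entry<String, String[]> e : params.entrySet()) {
            String shown = isSensitive(e.getKey())
                    ? "[REDACTED]"
                    // Strip CR/LF so a crafted value cannot forge extra log lines.
                    : String.join("|", e.getValue()).replaceAll("[\\r\\n]", "_");
            out.add(e.getKey() + "=" + shown);
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample input, shaped like getParameterMap().
        Map<String, String[]> params = new LinkedHashMap<>();
        params.put("username", new String[] {"alice"});
        params.put("password", new String[] {"constructed-sample-secret"});
        System.out.println(describe(true, params));   // {username=alice, password=[REDACTED]}
        try {
            describe(false, params);
        } catch (IllegalStateException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
    }
}
```

This only keeps the values out of anything logged through the helper; code with access to the raw request can still read the parameter, which is the gap the OAuth 2 suggestion addresses by keeping the password away from the service altogether.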
 