Monday, May 9, 2016

Would this RESTful iOS login system be secure?

So I have been thinking about a way to make a secure RESTful API for iOS logins.

This is what my teacher and I have come up with:

  1. The Client (Swift program) initializes the connection with the server.
  2. The Server returns a "shared secret" (e.g. +40) and a hash of a random string of letters and numbers.
  3. The Client then hashes the Username and Password (separately) and sends them back with the hash of: hash + "the shared secret".
  4. After the Server sends data (step 2), the server hashes [hash + "shared secret"] and then updates it in the db.
  5. The Server then receives the hashed value from the Client and checks the db to see if it matches.
  6. The db will also have a timestamp; if it is not updated frequently enough, a function that runs through the db will drop the items that are no longer used.
  7. For every request after the login the bearer token is sent.

The bearer token will follow this formula: Request verification token = hash [ (original hash) + (shared secret) * (# of requests) ]
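A runnable model of the seven steps and the step 7 token formula, added here as an illustration and not code from the post; the hash function (SHA-256), the reading of "+" as concatenation and "*" as multiplication, the 60-second expiry and the out-of-band user registration are all assumptions. Note that `bearer_token` takes only the two values the server sent in step 2 plus the request count, so every later token is fixed by that one message and the confidentiality of the transport carries the whole session.

```python
import hashlib, secrets, time

def h(s: str) -> str:
    # The post does not name the hash function; SHA-256 is assumed here.
    return hashlib.sha256(s.encode()).hexdigest()

def bearer_token(rand_hash: str, secret: int, n: int) -> str:
    # Step 7: hash[(original hash) + (shared secret) * (# of requests)], reading "+" as
    # string concatenation and "*" as integer multiplication (an assumption).
    return h(rand_hash + str(secret * n))

class Server:
    TTL = 60  # seconds a pending challenge stays valid (assumed; step 6 gives no value)
    def __init__(self):
        self.users = {}     # hash(username) -> hash(password), registered out of band (assumed)
        self.pending = {}   # hash(rand_hash + secret) -> (created, rand_hash, secret), step 4
        self.sessions = {}  # hash(username) -> [rand_hash, secret, requests seen], step 7
    def register(self, username, password):
        self.users[h(username)] = h(password)
    def step2(self):
        secret = secrets.randbelow(100)          # the post's example secret is "+40"
        rand_hash = h(secrets.token_hex(16))     # hash of a random string
        self.pending[h(rand_hash + str(secret))] = (time.time(), rand_hash, secret)
        return secret, rand_hash
    def step5(self, user_hash, pw_hash, response):
        entry = self.pending.pop(response, None)  # one-shot: a replayed response finds nothing
        if entry is None or time.time() - entry[0] > self.TTL:
            return False
        if self.users.get(user_hash) != pw_hash:  # the stored hash acts as the password
            return False
        self.sessions[user_hash] = [entry[1], entry[2], 0]
        return True
    def step7(self, user_hash, token):
        sess = self.sessions.get(user_hash)
        if sess is None:
            return False
        sess[2] += 1                              # server-side request counter
        return secrets.compare_digest(token, bearer_token(sess[0], sess[1], sess[2]))

class Client:
    def __init__(self, username, password):
        self.user_hash, self.pw_hash, self.n = h(username), h(password), 0
    def login(self, server):
        self.secret, self.rand_hash = server.step2()          # steps 1-2
        response = h(self.rand_hash + str(self.secret))        # step 3
        return server.step5(self.user_hash, self.pw_hash, response)
    def request(self, server):
        self.n += 1
        return server.step7(self.user_hash, bearer_token(self.rand_hash, self.secret, self.n))
```

The client and server keep separate request counters, so one lost or duplicated request leaves them out of step and every following token is rejected.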
