[SailfishDevel] Storing credentials safely in a python+QML app

[Andrey Kozhevnikov]

you should use master password for saving credentials, or ask every time 
to enter password and save only login.

------ Исходное сообщение ------
От: "J. Pablo" <elfio at hiperones.es>
Кому: "Sailfish OS Developers mailing list (devel at lists.sailfishos.org)" 
<devel at lists.sailfishos.org>
Отправлено: 15.09.2016 16:44:22
Тема: [SailfishDevel] Storing credentials safely in a python+QML app

>Hello sailors!
>
>This is my first email in the list, although I've been reading for a 
>while.
>
>I'm designing a simple app that show the user some info about its 
>contract with its mobile carrier (pepephone, from Spain).
>
>Their API is pretty simple and you have to login each time with user 
>and password and then the servers returns a sessionID.
>
>I'd like to keep username and password safely in the phone. Now, I'm 
>aware that obfuscation is not an option, and any other safe method that 
>come to my mind needs a master password. I've asked to other dev and he 
>use a salt and the IMEI to encrypt it, but you only have to get other 
>app into the phone and knowing the algorithm (easly checking the code 
>on github) you can get the password.
>
>I wonder if SFOS has some kind of keyring like kde or gnome, or if 
>there is no other way than the described above. Any suggestion is 
>appreciated :)
>
>Cheers,
>Pablo.
>_______________________________________________
>SailfishOS.org Devel mailing list
>To unsubscribe, please send a mail to 
>devel-unsubscribe at lists.sailfishos.org