[SailfishDevel] Storing credentials safely in a python+QML app

J. Pablo elfio at hiperones.es
Thu Sep 15 13:02:07 UTC 2016

But the master password should be remembered by the user? What's the difference then between this solution and just ask for the proper password each time?


El jueves, 15 de septiembre de 2016 11:46:01 (CEST) Andrey Kozhevnikov escribió:
> you should use master password for saving credentials, or ask every time 
> to enter password and save only login.
> ------ Исходное сообщение ------
> От: "J. Pablo" <elfio at hiperones.es>
> Кому: "Sailfish OS Developers mailing list (devel at lists.sailfishos.org)" 
> <devel at lists.sailfishos.org>
> Отправлено: 15.09.2016 16:44:22
> Тема: [SailfishDevel] Storing credentials safely in a python+QML app
> >Hello sailors!
> >
> >This is my first email in the list, although I've been reading for a 
> >while.
> >
> >I'm designing a simple app that show the user some info about its 
> >contract with its mobile carrier (pepephone, from Spain).
> >
> >Their API is pretty simple and you have to login each time with user 
> >and password and then the servers returns a sessionID.
> >
> >I'd like to keep username and password safely in the phone. Now, I'm 
> >aware that obfuscation is not an option, and any other safe method that 
> >come to my mind needs a master password. I've asked to other dev and he 
> >use a salt and the IMEI to encrypt it, but you only have to get other 
> >app into the phone and knowing the algorithm (easly checking the code 
> >on github) you can get the password.
> >
> >I wonder if SFOS has some kind of keyring like kde or gnome, or if 
> >there is no other way than the described above. Any suggestion is 
> >appreciated :)
> >
> >Cheers,
> >Pablo.
> >_______________________________________________
> >SailfishOS.org Devel mailing list
> >To unsubscribe, please send a mail to 
> >devel-unsubscribe at lists.sailfishos.org
> _______________________________________________
> SailfishOS.org Devel mailing list
> To unsubscribe, please send a mail to devel-unsubscribe at lists.sailfishos.org

More information about the Devel mailing list