[SailfishDevel] Storing credentials safely in a python+QML app

Andrey Kozhevnikov coderusinbox at gmail.com
Thu Sep 15 13:57:14 UTC 2016


profit is not writing real password each time, just some pin.

------ Исходное сообщение ------
От: "Marcin Mielniczuk" <marmistrzmar at gmail.com>
Кому: "Sailfish OS Developers" <devel at lists.sailfishos.org>
Копия: "Andrey Kozhevnikov" <coderusinbox at gmail.com>; "J. Pablo" 
<elfio at hiperones.es>
Отправлено: 15.09.2016 18:34:58
Тема: Re: [SailfishDevel] Storing credentials safely in a python+QML app

>I remember Harmattan uses accounts-qt framework (libaccountsetup0,
>libsignon0, etc.) for SSO support. Did Sailfish drop it?
>
>Marcin
>
>On 15.09.2016 15:02, J. Pablo wrote:
>>  But the master password should be remembered by the user? What's the 
>>difference then between this solution and just ask for the proper 
>>password each time?
>>
>>  Thanks!
>>
>>  El jueves, 15 de septiembre de 2016 11:46:01 (CEST) Andrey 
>>Kozhevnikov escribió:
>>>  you should use master password for saving credentials, or ask every 
>>>time
>>>  to enter password and save only login.
>>>
>>>  ------ Исходное сообщение ------
>>>  От: "J. Pablo" <elfio at hiperones.es>
>>>  Кому: "Sailfish OS Developers mailing list 
>>>(devel at lists.sailfishos.org)"
>>>  <devel at lists.sailfishos.org>
>>>  Отправлено: 15.09.2016 16:44:22
>>>  Тема: [SailfishDevel] Storing credentials safely in a python+QML app
>>>
>>>>  Hello sailors!
>>>>
>>>>  This is my first email in the list, although I've been reading for 
>>>>a
>>>>  while.
>>>>
>>>>  I'm designing a simple app that show the user some info about its
>>>>  contract with its mobile carrier (pepephone, from Spain).
>>>>
>>>>  Their API is pretty simple and you have to login each time with 
>>>>user
>>>>  and password and then the servers returns a sessionID.
>>>>
>>>>  I'd like to keep username and password safely in the phone. Now, 
>>>>I'm
>>>>  aware that obfuscation is not an option, and any other safe method 
>>>>that
>>>>  come to my mind needs a master password. I've asked to other dev 
>>>>and he
>>>>  use a salt and the IMEI to encrypt it, but you only have to get 
>>>>other
>>>>  app into the phone and knowing the algorithm (easly checking the 
>>>>code
>>>>  on github) you can get the password.
>>>>
>>>>  I wonder if SFOS has some kind of keyring like kde or gnome, or if
>>>>  there is no other way than the described above. Any suggestion is
>>>>  appreciated :)
>>>>
>>>>  Cheers,
>>>>  Pablo.
>>>>  _______________________________________________
>>>>  SailfishOS.org Devel mailing list
>>>>  To unsubscribe, please send a mail to
>>>>  devel-unsubscribe at lists.sailfishos.org
>>>  _______________________________________________
>>>  SailfishOS.org Devel mailing list
>>>  To unsubscribe, please send a mail to 
>>>devel-unsubscribe at lists.sailfishos.org
>>  _______________________________________________
>>  SailfishOS.org Devel mailing list
>>  To unsubscribe, please send a mail to 
>>devel-unsubscribe at lists.sailfishos.org
>



More information about the Devel mailing list