我只想看看通過HTTPBody發送登錄信息是否像這樣安全?或者我應該編碼的用戶名和密碼?這些數據是否安全發送?
NSString *myRequestString = [[NSString alloc] initWithFormat:@"username=%@&password=%@", _userName.text, _passWord.text];
NSData *myRequestData = [NSData dataWithBytes:[myRequestString UTF8String] length:[myRequestString length]];
NSMutableURLRequest *request = [[NSMutableURLRequest alloc] initWithURL:[NSURL URLWithString: @"http://website.com/ilogin.php"]];
[request setHTTPMethod: @"POST"];
[request setValue:@"application/x-www-form-urlencoded" forHTTPHeaderField:@"content-type"];
[request setHTTPBody: myRequestData];
[NSURLConnection connectionWithRequest:request delegate:self];
NSHTTPURLResponse *response;
NSError *err;
NSData *returnData = [ NSURLConnection sendSynchronousRequest:request returningResponse:&response error:&err];
NSString *reply = [[NSString alloc] initWithData:returnData encoding:NSASCIIStringEncoding];
NSLog(@"responseData: %@", reply);
if (reply == @"Login Successful") {
_loginResponse = [NSString stringWithString:@"Successfully Logged In"];
} else if (reply == @"Incorrect Password") {
_loginResponse = [NSString stringWithString:@"Incorrect Username or Password"];
} else if (reply == @"LOGIN_ERROR_USERNAME") {
_loginResponse = [NSString stringWithString:@"Incorrect Username or Password"];
} else {
_loginResponse = [NSString stringWithString:reply];
}
這是儘可能不安全。您應該使用HTTPS(SSL加密的HTTP通信)代替開始。以明文形式發送密碼也是您可能想要防止的事情。而是發送密碼的散列版本,並將其與散列版本的服務器進行比較。實際上,甚至不在服務器上存儲明文密碼,但只存儲哈希版本。 – Till 2012-01-16 19:35:05