Thursday, September 13, 2012

[android-developers] Re: hi

bob wrote:

> The problems with the code appear to be twofold:
>
> 1.  The comparison of the username and password is case-sensitive, which it probably shouldn't be (maybe for password, probably not for username)

That's not true. Usernames are often and commonly case sensitive. Passwords most certainly should be case sensitive! Ignore this advice.

It's up to the application whether usernames or passwords should be case sensitive, though it is often to be preferred. You can't tell the OP that this is a problem because obviously it conforms to their requirement.

> 2.  The passwords are stored insecurely in the database, whereas an MD5 hash would be preferred.

You speak of security after recommending case-insensitive passwords? Make up your mind!

Insecure storage might suffice on device. Physical security of the device is far more an issue.

Even if the passwords were stored by your standard of "security", having the device in your hand means you have access to the functionality protected by the password.

How much hashing the password will help is debatable. Probably still a good idea, but hardly a major problem with the OP's code at this stage.

-- 

Lew

