> The problems with the code appear to be twofold:
> 1. The comparison of the username and password is case-sensitive, which it probably shouldn't be (maybe for password, probably not for username).
> 2. The passwords are stored insecurely in the database, whereas an MD5 hash would be preferred.
You speak of security after recommending case-insensitive passwords? Make up your mind!
Insecure storage might suffice on device. Physical security of the device is far more an issue.
Even if the passwords were stored by your standard of "security", having the device
in your hand means you have access to the functionality protected by the password.
How much hashing the password will help is debatable. Probably still a good idea,
but hardly a major problem with the OP's code at this stage.
--
Lew
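
The two points debated in this thread, as an added example that is not part of the original messages or the OP's code: the username is normalised so it compares case-insensitively, while the password is hashed exactly as typed and checked in constant time. It swaps in salted PBKDF2 for the MD5 hash mentioned above. The class and method names, the iteration count and the algorithm choice are assumptions, and `PBKDF2WithHmacSHA256` requires Java 8+ or Android API 26+.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Locale;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added illustration; class, method names and parameters are hypothetical.
public class CredentialCheck {
    static final int ITERATIONS = 210_000;   // assumed work factor, tune per device
    static final int KEY_BITS = 256;

    // Usernames are identifiers: normalise once so "Alice" and "alice" match.
    static String normalizeUser(String name) {
        return name.trim().toLowerCase(Locale.ROOT);
    }

    // Random per-user salt, stored next to the derived hash.
    static byte[] newSalt() {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    // Passwords are hashed exactly as typed: case is part of the secret.
    static byte[] hash(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();   // wipe the copy held by the key spec
        }
    }

    static boolean verify(char[] attempt, byte[] salt, byte[] stored) throws Exception {
        // MessageDigest.isEqual compares in constant time.
        return MessageDigest.isEqual(hash(attempt, salt), stored);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample account.
        String storedUser = normalizeUser("Alice");
        byte[] salt = newSalt();
        byte[] stored = hash("S3cret!".toCharArray(), salt);

        System.out.println(storedUser.equals(normalizeUser("ALICE ")));
        System.out.println(verify("S3cret!".toCharArray(), salt, stored));
        System.out.println(verify("s3cret!".toCharArray(), salt, stored));
    }
}
```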