I’m working on a local account system. I thought localData would be the way to go, but it appears not.
local user = inputTab[1].val
local pword = inputTab[2].val
local data = readLocalData(user, pword)
if readLocalData(user, pword) == nil then
    inform = "Log in failed: Account doesn't exist or password is incorrect."
    failed = true
    print("failed")
end
Here’s my issue. When they press the login button, it logs them in anyway. I think this is because if readLocalData(user, password) doesn’t exist, it creates it. I’m a beginner coder so I’m not sure what to do at this point.
local data = readLocalData(user)
if data ~= pword then
    -- failed: nothing stored for this user, or the stored value does not match
end
EDIT - the reason it wasn’t working was that if you provide a second parameter to readLocalData, it is used as the default value! Have a look at the built-in reference (or link at top) for more.
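The default-value behaviour described in the EDIT above, shown as an added example that is not part of the original posts. It replaces Codea's storage with a plain-Lua stand-in so it runs anywhere; `store`, `loginOriginal` and `loginFixed` are hypothetical names, and the stand-in assumes only what the thread states about the second argument. The plaintext comparison is kept from the thread solely to isolate the default-value effect.

```lua
-- Stand-in for Codea's local storage so this runs in plain Lua.
-- Assumption: as described in the thread, the second argument to
-- readLocalData is a default that is returned when the key is missing.
local store = {}
local function saveLocalData(key, value) store[key] = value end
local function readLocalData(key, default)
    local value = store[key]
    if value == nil then return default end
    return value
end

-- Check from the original post: pword is passed as the default, so the
-- result is never nil for a non-nil password and the failure branch never runs.
local function loginOriginal(user, pword)
    return readLocalData(user, pword) ~= nil
end

-- Corrected check: read with no default, then compare with what was typed.
local function loginFixed(user, pword)
    local stored = readLocalData(user)
    return stored ~= nil and stored == pword
end

saveLocalData("john01", "pword123") -- constructed sample account

-- Constructed test inputs: correct login, wrong password, unknown user.
local cases = {
    {"john01", "pword123"},
    {"john01", "wrong"},
    {"nobody", "anything"},
}
print("user", "typed", "original", "fixed")
for _, c in ipairs(cases) do
    print(c[1], c[2], loginOriginal(c[1], c[2]), loginFixed(c[1], c[2]))
end
```

The original check accepts all three inputs, while the corrected check accepts only the first.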
@FearMe2142 readLocalData() isn’t going to create anything. It will only read what you give it. If it logs them in and (user,pwrd) isn’t correct, then your code isn’t correct.
You could do something like this. I’m not sure what you would use for the key, but here’s an example anyways.
function setup()
    saveLocalData("key","john01,pword123")
    data=readLocalData("key")
    user,password=string.match(data,"(%g+),(%g+)")
    print(user,password)
end
@FearMe2142 - first, you should never store passwords, but “salted” hashes of passwords (google this), and it should not be possible to either replace them, or edit the code. Storing plain text passwords breaks all those guidelines.
I think I’m right in saying that Codea’s code is also stored in plain text, so it could be altered (e.g. to skip the login).
There is no way to password secure a Codea project unless both the code and password file can be securely protected.
However, I think the amount of effort you go to should depend on how much effort you expect users to take to break your passwords, and how bad it would be if they did.
I have no idea whether SHA1 keys are considered acceptable for storing passwords. I just use them for file integrity (rather than security), to verify read/write operations.
I’m sure SHA1 is fine for Codea, there are much bigger security issues than that, such as securing the password file and especially the code. I wouldn’t use Codea for anything where security was really critical.
I remember reading something on the forum about the code being readable after publication on the store, but I’ve never gone that far, so I can’t be sure. Certainly, anything stored with saveLocalData is going to be readable and editable by anyone who can hack the iOS file system.
I’ve read a lot about encryption, and the overriding message I get is that it is incredibly hard to get right. Codea isn’t designed for security, so it would be even harder to hack-proof it. (That’s not a criticism, of course!)
I don’t see a problem with saveLocalData. Even if someone can read and edit the file, simple encryption will work unless a professional hacker gets the file. I don’t think a professional hacker is going to waste their time on something small. If someone edits the file, that just messes it up and it won’t work anyways.
I didn’t really need High Security. I’m building my own note taking app. Just needed a way for students to not pick up and delete someone’s notes mischievously. It’s only protecting notes you write down.
Thank you so much!!
Codea has really allowed me to innovate and I appreciate all the help from the community.
I hope to have the app up by spring. Possibly January 17th. I’m busting my arse over Christmas break.
The only thing I need encryption for is the iTunes purchase, which would be $10.00 a year for the account, but Apple has a guide for that I believe.