问题
I have a simple RESTful backend and I am using HTTP Basic over HTTPS for authentication. It works fine, but I am looking for a appropriate solution to store the credentials (username + password).
There are a lot of examples out there and the majority suggest to use the Account Manager to store passwords. AFAIK the account manager stores only OAUTH (and similar) accounts and automatically generates tokens etc. But how can I use it to store and fetch the original passwords? Is it even possible?
Others suggest to store it as a hashed value, but this doesn't make sense to me (At the end of the day I will need to have access to the original string).
Sorry for another How to use HTTP basic and android question, but I was not able to find a suitable answer so far and to store the data within the local sqlite db as plaintext doesn't seem to be appropriate.
回答1:
Of course you can use the Account Manager to store password as well. This is the method:
addAccountExplicitly (Account account, String password, Bundle userdata)
and you can get the password using this method:
getPassword(Account account)
回答2:
I have a few thoughts concerning your project/style of usrmanagement.
- Why do you want to save the password on the device?
- Why don't you work with auth tokens
- Why not workig with the good old sharedPreferences.
I would suggest to do it like this. At first register(no password and username are neccessary, it creates a user "Guest123") or login to the server with a password (hashed by the device, getting from a normal edittext from the user). Then check for correctness on the server, if valid, send back an auth token and a time to live for that token. Store this in the sharedpreferences. Send the token with every request you make to the server, if this token is not valid (because time is over, logged in on another device...), tell the user.
There are couple of tweaks which could be done here, but for the beginning it shoul help ou on your project.
来源:https://stackoverflow.com/questions/23453567/android-store-http-basic-password-username