Login authentication #45

Open
lasking88 opened this issue Jan 31, 2018 · 0 comments
@lasking88
Collaborator

The procedure of login authentication is as follows.

  1. The user types in the login code.
  2. Perform a GET request with the login code query.
  3. Returns an object including the School ID if the code is correct, or an error message.

In order to re-login without typing the code again, there are two options with the current server.

  1. Store the plain login code on the device and use it whenever the app is launched.
    (Security problem: whoever is able to access the device can retrieve the plain code.)
    (Since the user has to send plain text, storing a hashed code won't work.)
  2. Store the returned status when the code is correct.
    (This causes a problem when the code is changed. Once any user has logged in to the app, they are able to log in forever even though the code is changed on the server.)

The app is implemented with option 1 temporarily, but this has to be resolved for security reasons.

@lasking88 self-assigned this Jan 31, 2018
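A sketch of a third option, added here as an example and not taken from this project's code: the server returns a token alongside the School ID, and the device stores that token instead of the plain code or a bare "logged in" status. It assumes the server can be changed; `SERVER_KEY`, `CODES`, `login`, `relogin` and `change_code` are hypothetical names, and the codes are constructed sample values.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)           # hypothetical server-side secret
CODES = {"school-001": "constructed-code-A"}   # constructed sample data


def _code_key(school_id):
    # Per-school MAC key derived from the *current* login code, so every
    # token issued under an old code stops verifying once the code changes.
    msg = f"{school_id}:{CODES[school_id]}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()


def _mac(school_id, nonce):
    return hmac.new(_code_key(school_id), nonce.encode(), hashlib.sha256).hexdigest()


def login(code):
    """Steps 1-3 of the issue, plus a token the device can store."""
    for school_id, current in CODES.items():
        if hmac.compare_digest(current.encode(), code.encode()):
            nonce = secrets.token_hex(16)
            token = f"{school_id}.{nonce}.{_mac(school_id, nonce)}"
            return {"school_id": school_id, "token": token}
    return {"error": "invalid login code"}


def relogin(token):
    """Re-login at app launch using the stored token instead of the code."""
    try:
        school_id, nonce, mac = token.rsplit(".", 2)
    except ValueError:
        return {"error": "malformed token"}
    if school_id not in CODES:
        return {"error": "unknown school"}
    if hmac.compare_digest(_mac(school_id, nonce).encode(), mac.encode()):
        return {"school_id": school_id}
    return {"error": "token no longer valid, ask for the login code"}


def change_code(school_id, new_code):
    CODES[school_id] = new_code
```

The stored token is still a bearer credential for anyone with access to the device, but it does not reveal the login code and stops working as soon as the code is changed on the server.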