What problem are you trying to solve? Are you wanting to not store
passwords? Even if you use a third-party solution, you are still going
to store user-specific configuration information, yes? Or are you
handing all of that to Apple?
I have apps that are secure and I do not store passwords.
Somebody comes in to the app, I get their e-mail address and sent them
an "invite" into the app. This is exactly as secure as any
password-storage system that uses e-mail to reset passwords. Do I have
to worry about the security of my password tables? No. Do I have to
worry about whether I have picked the right encryption? No. Do I have to
worry about whether I have salted the passwords correctly? No. Do I have
to make people store their 327th password? No. Because I do not use
passwords.
I can even use 2FA on top of that.
The real problem with using systems like AppleID or Facebook
authentication is that gives people an illusion of security while
creating a single, incedibly massive point of failure. So why do that?
- ray
On 5/31/20 5:35 AM, Jesse Tayler via Webobjects-dev wrote:
I thought to myself, say — I should support "Sign in with Apple” — and
wondered if anyone has experiences they’d like to share about integrating with your
WO Apps??
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (Webobjects-dev@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/webobjects-dev/ray%40ganymede.org
This email sent to r...@ganymede.org
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (Webobjects-dev@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com
This email sent to arch...@mail-archive.com
