fineract-dev mailing list archives

From Ed Cable <edca...@mifos.org>
Subject Re: [Mifos-developer] REQUEST: Store 4-digit pin code on back-end for self-service login
Date Mon, 24 Apr 2017 06:54:12 GMT
Shiv,

I agree that I wouldn't want log-in to be dependent on network
connectivity. I also don't believe that the pin needs to be shareable
across devices as it's most typical that the 4 digit pin only works for the
device that you're setting it up on.

The reason why we were proposing storing the 4-digit pin on the server was
because it was insecure if stored locally if a device was rooted and the
pin could be accessed.

Ishan - there is no way the 4-digit pin could be stored locally in a secure
manner?

Sander and others, based on what you've built into your self-service apps,
can you add your thoughts to this thread?

Thanks,

Ed

On Sun, Apr 16, 2017 at 10:02 PM, SHIV ARORA <shivamarora0902@gmail.com>
wrote:

> If we store the pin on the server then the app will be dependent on network
> connectivity. I think this passcode feature should work irrespective of
> internet access. At further stages, we would give the app an offline
> access feature. So I think network dependency for this feature is not a good
> option.
>
> On 14 Apr 2017 9:21 p.m., "Ed Cable" <edcable@mifos.org> wrote:
>
>> Hi Nazeer,
>>
>> Per our discussions, I wanted to send some further details on the dev
>> list about the requirements and conversations the mobile developers working
>> on the Android self-service app have been having.
>>
>> First off, in order to make it easier for a user to log in and not have
>> to fully authenticate themselves each time they leave the self-service app,
>> we wanted to enable a 4 digit pin code that could be used to log in to the
>> app (once fully authenticated for a first time). This is pretty standard
>> practice in banking apps.
>>
>> We didn't want to store that locally since it wouldn't be secure on
>> phones that are rooted.
>>
>> With that constraint, we need to be able to store this pin on the
>> back-end - then it can also be shared across phones as well.
>>
>> I'll let Rajan, Ishan, and Puneet and others chime in with more details
>> about access token that gets generated, its validity etc.
>>
>> A couple of GSOC aspirants have already begun work on the creation and
>> entry of the pin via the app on the phone but we need your assistance in
>> storing it at the back-end.
>>
>> I've created a ticket at: https://issues.apache.org/jira/browse/FINERACT-424
>>
>> Discussion surrounding those tickets can be found at
>> https://github.com/openMF/self-service-app/issues/115 and
>> https://github.com/openMF/self-service-app/issues/132
>>
>> Ed
>>
>> --
>> *Ed Cable*
>> President/CEO, Mifos Initiative
>> edcable@mifos.org | Skype: edcable | Mobile: +1.484.477.8649
>>
>> *Collectively Creating a World of 3 Billion Maries | *http://mifos.org
>> <http://facebook.com/mifos>  <http://www.twitter.com/mifos>
>>
>>
>> ------------------------------------------------------------
>> ------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> Mifos-developer mailing list
>> mifos-developer@lists.sourceforge.net
>> Unsubscribe or change settings at:
>> https://lists.sourceforge.net/lists/listinfo/mifos-developer
>>

-- 
*Ed Cable*
President/CEO, Mifos Initiative
edcable@mifos.org | Skype: edcable | Mobile: +1.484.477.8649

*Collectively Creating a World of 3 Billion Maries | *http://mifos.org
<http://facebook.com/mifos>  <http://www.twitter.com/mifos>
