The App Business Blog

To download a small amount of data from a URL it’s very convenient to use:

NSData *downloadData = [NSData dataWithContentsOfURL:url];

To get data from a URL that requires authentication there several classes that specifically deal with this, e.g. NSURLAuthenticationChallengeSender and NSURLCredential, which require that you use NSURLConnection instead. 

NSURLConnection has several other advantages such as asynchronous downloading, but if you just want a one-liner, you can still use NSData dataWithContentsOfURL with basic authentication using the following method.

Normally the URL that you pass to dataWithContentsOfURL looks something like https://www.mysite.com/getmydata

You can add a username and password directly in the URL like this https://username:password@www.mysite.com/getmydata and this type of URL works just fine with NSData dataWithContentsOfURL.

Security Implications

• When you include the username and password in the URL, they may be stored in the web server’s log file.
• If you don’t use SSL, the username and password are sent in clear text.
• Don’t store the URL including the username and password in a property file or plist. These files can easily be viewed by someone looking inside your app bundle.
• Don’t store the credentials like this: NSString *credentials = @”user:password@”; This string is very easy to find in the executable file. If your security requirements are low then you can apply some mild obfuscation: NSString *credentials = [NSString stringWithFormat:@”%c%s%@%c%c%s%@”, ‘u’, “ser:”, @”pas”, ‘s’, ‘w’, “ord”, @”@”]; If you have real security requirements, use real encryption.

written by Nick \\ tags: NSData