Password Caching?

[thetao]

I have a general question that seems way too technical for the "General" board. Hopefully this is a good place to ask...

How does the modern Symbian OS (9.1 or newer) handle password caching? I've seen a number of clients (usually network-based programs) that prompt for a password each and every time they're started, which is a great annoyance. I'd assumed Symbian did not provide any built-in options for storing passwords. But now, one by one, this option is now appearing in these clients. Has something changed in Symbian? Could it be a function of the programming language (C++ vs. Java)? Or are the developers of these clients "cheating"? Would someone explain this, or at least make a good guess? (The clients I'm talking about are commercial programs, else I'd provide a download link...)

Thanks!

[antonypr]

As far as I know, there is no specific feature for password-storage on Symbian OS. The SDKs do provide general cryptography libraries. Developers can use them to do password management.

For example, they can store the hash value of the password in a file. During authentication, only the hash value is sent to the server.

There are also applications that store the password "as is" (no hash) in the protected folder (c:\private\<SID>). This is *not* recommended because some hackers out there are able to read the protected folder these days.

[thetao]

That's what I wanted to know! So Symbian hasn't changed...these companies are writing their own password routines today, when they had previously opted against this. I've been wanting to hack one of our Nokia devices, to better see how the OS works...and at the same time could then confirm c:\private\<SID> is being used securely. (I expect these programmers aren't that dumb. ) Thanks again!

[antonypr]

The private folder (\private\<SID>) was secure until recently. A couple of months ago, someone has managed to "read" it by exploiting security hole from AppTRK.