I want to put a password login in a unity script so that wwwform can download a file from a server. Can someone easily get the pass/login out of the script after the unity project is built?
Thanks,
Dan
Yes. If someone really wanted to, it wouldn’t be that hard.
Encryption is the most common deterrent for password obfuscation. I believe you could use SSH (public - private key) encryption. I’m not too hot on cryptography myself tho.
Here’s a good little article on encryption algorithms: Encrypting passwords
I work with web request/encryption, and one thing is for sure. Nothing is 100% safe, even MD5 encryption can be reversed.
So the best practice is to create a algorithm to solve that, like just not encrypt but, add some strings symbols, make it a little bit messy, (of course in a way your decode script can recognize it) and then encrpypt. I’ve seen some company that use this method, and others that mess the password and encrypt it more than once.
It’s your call, but again nothing is 100% safe.
"Try to use Smartsnif - SmartSniff: Packet Sniffer - Capture TCP/IP packets on your network adapter " and you will see what i’m trying to say to you. (capture every network pack your card send)
If you really work with web request/encryption I can’t understand why you suggest MD5.
MD5 is probably the worst algorithm that you can have, was broken years ago.
Instead of MD5 change to SHA2 which is at least more secure.
You cannot reverse md5… If you can show me how you reverse md5 that would be awesome…:S
Md5 can only be brute forced. Passwords with more then 6 characters are alway’s safe then the “Hacker” Will give up.
Do something like this.
Md5ed Password = MD5 (YourSecretSentice+Password)
So in your client who request it.
Send username + Md5ed Password.
Server looks for the username + Md5ed Password.
That way the password is only typed in the password box and not visible on the server. Only as md5.
Also a tip for md5. Do not use websites that generates them they will save it in a database witch can be used for brute forcing.
My password = test.
Hashed with secrets sentice = dbbffd28960ddb6ce44f72845b90d546
Any kind of encryption that isn’t reversible are good. 
(I only know md5)
where did you see that i say that??? It was only an example, i was not suggesting MD5… Read it right man.
And yes i work with it (Hash - SHA1 and SHA2).
I’ve read it correctly. You’re putting an example like saying MD5 is strong and secure.
Re-read again.
No, he put an example that MD5, though thought to be secure by some, actually isn’t.
That’s right…that was my intention
This is for an iphone app. The script downloads the assetBundles automatically when the user has enough coins. There are no registered users with passwords. So the password would have to be in the script. If the pass/login is in the unity files somewhere it sounds like there is no way to hide it. Even if I stored it outside and it was encrypted I would have to decrypt it to send it. Wouldn’t they be able to still read what is being sent?