Revision history [back]

click to hide/show revision 1
initial version

You're correct that username and password are provided directly via RequestCredentials callback. But this doesn't necessarily require that usernames and passwords have to be stored in plain-text.

An application can prompt the user for the password during authentication, for instance. This avoids having to store the password.

If the application doesn't want to repeatedly prompt the user for usernames and passwords repeatedly, it would have to store them in which ever secure manner it prefers (for eg. KeyChain API on Android). Different operating systems have ways to store credentials securely for Applications. Any of them can be used. All the application needs to do is to retrieve and supply them when RequestCredentials callback is invoked.

AllJoyn simply does not require that usernames and passwords are stored in plaintext.