I’ve done an app recently which requires login. Here are few tips I would like to add to this topic
1> use https connection to send and receive data.
2> use POST in network request instead of GET. I used GET in my app and Apache was recording query string(&password=123123). By default Apache doesn’t record POST parameter.
3> from device pass unique key and check from your server that’s the request is from your App.
4> working with json seems to easy to work. I uses Rob’s function to save and load json file into lua table. (Thank you Rob)
5> always check networking connection before network request. I use Rob’s code found in the business app. (Thank you Rob)
6> encrypting parameter… I’ve not done myself yet but will do in the next release
7> in the server end make sure you catch all errors and time to time review logs