"Zero out" sensitive String data in Swift


Problem description

A user enters their password into a textField. I set an instance variable to this value:

let password = passwordTextField.text!

I want to ensure this data is not preserved anywhere, and so I want to "zero out" this data.

Is this as simple as setting it to nil when I am done? Or setting it to an empty string and then nil?

Recommended answer

These are general UI security tips (from iOS 7 Programming Cookbook, written by Vandad Nahavandipoor)

• Ensure that all passwords and secure fields are entered, by the user, into instances of UITextField with their secureTextEntry properties set to YES.

• If the user is on a screen that contains personal information, such as the user’s credit card number or home address, set the hidden property of your app’s main window to YES in the applicationWillResignActive: method of your app delegate, and set the same property to NO (to show the window) in the applicationDidBecomeActive: app delegate method. This will ensure that the screenshot that iOS takes of your app’s UI when going to the background will not contain any of your window’s contents in it. This method is recommended by Apple.

• Ensure that you validate the user’s input in your text fields/views before sending them to a server.

• Using the mechanisms that you’ve learned in this chapter, secure the user’s entry if you are storing it in files on disk or in the keychain.

• On screens where you accept a password or a numerical code for authentication, once the view controller is no longer on the screen, clear those password/code fields because the user won’t need them anymore. If you are not relinquishing ownership of those view controllers, their contents will stay in the memory. This includes the secure text field entries on those view controllers. It’s best to dispose of memory that contains sensitive information as soon as you are done with that data.
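
The tips above, sketched in Swift as an added example that is not part of the original answer or the cited book. The class and outlet names are assumptions, and the app is assumed to use the app-delegate lifecycle without a scene delegate.

```swift
import UIKit

// Hypothetical login screen; the class name and outlet are assumptions for this example.
final class LoginViewController: UIViewController {
    @IBOutlet private weak var passwordTextField: UITextField!

    override func viewDidLoad() {
        super.viewDidLoad()
        // Swift spelling of "secureTextEntry = YES": mask the characters as they are typed.
        passwordTextField.isSecureTextEntry = true
    }

    override func viewDidDisappear(_ animated: Bool) {
        super.viewDidDisappear(animated)
        // The controller can stay alive while off screen (for example on a
        // navigation stack), so the field is cleared explicitly here.
        // This releases the field's string; it does not overwrite the
        // memory that held the characters.
        passwordTextField.text = nil
    }
}

// App delegate for an app without a scene delegate (assumption). In a
// scene-based app the same two steps belong in the scene delegate's
// sceneWillResignActive(_:) and sceneDidBecomeActive(_:).
final class AppDelegate: UIResponder, UIApplicationDelegate {
    var window: UIWindow?

    func applicationWillResignActive(_ application: UIApplication) {
        // Hide the window so the snapshot iOS takes when the app goes to
        // the background does not contain the window's contents.
        window?.isHidden = true
    }

    func applicationDidBecomeActive(_ application: UIApplication) {
        // Show the window again when the app returns to the foreground.
        window?.isHidden = false
    }
}
```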
