在 iOS 上存储身份验证令牌 - NSUserDefaults 与钥匙串? [英] Storing authentication tokens on iOS - NSUserDefaults vs Keychain?

问题描述

当用户登录服务时，我应该在哪个位置存储令牌?我没有保存密码(显然我会在那里使用钥匙串)，而只是保存令牌.很多地方都说只使用 NSUserDefaults，但 StackOverflow 上的一些人似乎非常热衷于 Keychain.

Which is the place I should be storing tokens for when the user logins in to a service? I'm not saving passwords (obviously where I'd use the Keychain) but just the token. A lot of places say just use NSUserDefaults but some people on StackOverflow seem really keen on the Keychain.

NSUserDefaults 好吗?

Is NSUserDefaults fine?

推荐答案

我强烈建议您使用钥匙串——这正是 Facebook 用来存储会话令牌的方式.

I would highly recommend you use the keychain - it's exactly what Facebook do for storing their session tokens.

NSUserDefaults 不安全或不加密 - 它可以在设备上和同步到 Mac 时轻松打开和阅读.因此，虽然用户默认设置是首选项和配置信息等内容的好地方，但它不是任何敏感内容(如密码)的好地方.

NSUserDefaults is not secure or encrypted - it can be easily opened and read, both on device and when synced to a Mac. So whilst user defaults is a good place for things like preferences and config info, it's not a good place for anything sensitive, like passwords.

会话令牌几乎总是与密码一样对待，因此您应该将它们安全地存储在钥匙串中，并在那里进行加密.Apple 有一些示例代码(GenericKeychain)，显示了基本实现，以及您可以通过搜索 StackOverflow 找到其他示例.希望对您有所帮助.

Session tokens should almost always treated the same as passwords, so you should store them securely in the keychain, where they'll be encrypted. Apple have some sample code (GenericKeychain) that shows a basic implementation, and you'll find other examples by searching StackOverflow. Hope that's helped you out.

这篇关于在 iOS 上存储身份验证令牌 - NSUserDefaults 与钥匙串?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！