iOS上的存储认证令牌 - VS NSUserDefaults的钥匙扣？ [英] Storing authentication tokens on iOS - NSUserDefaults vs Keychain?

问题描述

这是我应该被存储为当用户登录令牌服务的地方？我不保存密码（当然，我会用钥匙串），但只是令牌。很多地方说，只是使用NSUserDefaults的但有些人在计算器上仿佛真的热衷于钥匙扣。

Which is the place I should be storing tokens for when the user logins in to a service? I'm not saving passwords (obviously where I'd use the Keychain) but just the token. A lot of places say just use NSUserDefaults but some people on StackOverflow seem really keen on the Keychain.

NSUserDefaults的是精？

Is NSUserDefaults fine?

推荐答案

我会强烈建议您使用钥匙扣 - 这也正是Facebook的存储其会话令牌做

I would highly recommend you use the keychain - it's exactly what Facebook do for storing their session tokens.

NSUserDefaults的是不安全的或加密的 - 它可以方便地打开和阅读，无论是在设备上，当同步到Mac。因此，虽然用户的默认值是对于像preferences和配置信息的好地方，它不是任何东西敏感，如密码的好地方。

NSUserDefaults is not secure or encrypted - it can be easily opened and read, both on device and when synced to a Mac. So whilst user defaults is a good place for things like preferences and config info, it's not a good place for anything sensitive, like passwords.

会话令牌应该总是一样对待密码，所以你应该将它们安全地在钥匙串，在那里他们将被加密存储。苹果有一些样本code（<一个href=\"https://developer.apple.com/library/ios/#sample$c$c/GenericKeychain/Introduction/Intro.html\">GenericKeychain)显示一个基本的实现，你会通过搜索计算器。希望这有助于你出去找其他的例子。

Session tokens should almost always treated the same as passwords, so you should store them securely in the keychain, where they'll be encrypted. Apple have some sample code (GenericKeychain) that shows a basic implementation, and you'll find other examples by searching StackOverflow. Hope that's helped you out.

这篇关于iOS上的存储认证令牌 - VS NSUserDefaults的钥匙扣？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！