在iPhone应用程序的代码中存储OAuth密钥 [英] Storing OAuth keys in code for iPhone apps

问题描述

我正在编写一个与第三方API集成的iPhone应用程序.这些API使用OAuth(不是针对每个用户的特定于我的应用程序的密钥/机密)来验证代表该请求的应用程序.

I'm writing an iPhone app that integrates with third party APIs. These APIs use OAuth (key/secret specific to my app not per user) in order to authenticate which app the request is being made in behalf of.

仅将密钥/秘密放入代码中是否安全(或安全)?可以对这类数据进行逆向工程吗?有没有更好的方法可以将这些数据包含在项目中?

Is it secure (or how secure) is it to simply put the key/secret in code? Can this sort of data be reverse-engineered? Is there a better way to go about including this data in a project?

推荐答案

iPhone上没有地方可以隐藏数据.拥有越狱iPhone的用户比任何开发人员都拥有对该设备的更多控制权.如果可能，您应该设置一个Web服务(例如REST或SOAP服务)来代表客户端处理这些OAuth事务.

There is no place on the iPhone to hide data. A user with a jailbroken iPhone has more control over the device than any developer. If possible you should setup a web service such as a REST or SOAP service to take care of these OAuth transactions on behalf of the client.

这篇关于在iPhone应用程序的代码中存储OAuth密钥的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！