MonoTouch 的安全性如何? [英] How Secure is MonoTouch?

问题描述

由于 MonoTouch 在实际应用中使用 dll，这种方法的安全性如何?例如，如果有人正在使用 Mono.Security.dll，难道有人不能将那个 dll 替换为实现方法并对应用执行代码注入攻击的 dll 吗?

Due to MonoTouch using dll's within the actual app, how secure is this approach? For instance, if someone is using the Mono.Security.dll, couldn't someone swap out that dll with one which implemented the methods and perform a code injection attack on an app?

推荐答案

这种方法有多安全?

how secure is this approach?

和我所知道的任何现有的一样多:-)

As much as any existing ones I know :-)

不能换出那个dll

不，有几个原因.

• 您不能更改应用程序文件.这会破坏数字签名并且 iOS 不会执行它.仅此一项就消除了中间人攻击；

• You cannot change the applications files. That would break the digital signature and iOS won't execute it. That alone removes a MitM attack;

每个 .dll 中的代码已经编译为本机代码(由 AOT 编译器)和主要可执行二进制文件的一部分.交换新的 .dll 不会改变执行的代码；

the code from every .dll is already compiled to native code (by the AOT compiler) and part of the main executable binary. Swapping a new .dll won't change the code that is executed;

部署在设备上的 .dll 被剥离(用于发布版本).里面没有 IL(代码)，因为它没有用(我们不能在 iOS 上进行 JIT).即使您添加一个带有 IL 代码的 .dll(例如调试版本)，它也不会被执行(同样需要 JITting)；

the .dll that is deployed on devices is stripped (for release builds). There's no IL (code) inside it since it would not be useful (we can't JIT on iOS). Even if you add a .dll with IL code (e.g. a debug build) it won't be executed (again it would require JITting);

为什么要部署 .dll ?用于元数据(例如，如果您使用反射)

Why are the .dll deployed ? for their metadata (e.g. if you use reflection)

最后一点: MonoTouch 生成本地 ARM 可执行文件，就像 Objective-C 一样.

Final note: MonoTouch produce native ARM executables just like Objective-C would.

这篇关于MonoTouch 的安全性如何?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！