何时使用NSSecureCoding [英] When to use NSSecureCoding
问题描述
我正在了解 < Apple在iOS 6中引入的code> NSSecureCoding 协议。
I'm learning about the NSSecureCoding protocol introduced by Apple in iOS 6.
根据我的理解,到目前为止,应该使用它每当一个类对自身的实例进行编码/解码时,为了防止替换攻击。
From my understanding so far, it should be used whenever a class encodes/decodes instances of itself, in order to prevent substitution attacks.
我想知道在其他情况下使用它是否合适。
I'm wondering whether it would be appropriate to use it in other cases.
具体来说,如果一个类通过编码/解码其实例变量来符合 NSCoding ,而不是整个实例,是否仍然建议实施 NSSecureCoding ?
Specifically if a class conforms to NSCoding by encoding/decoding its instance variables, as opposed to the whole instance of itself, would it still be advisable to implement NSSecureCoding?
假设我有一个实现 NSCoding 的类,如下所示
Suppose I have a class that is implementing NSCoding like follows
- (void)encodeWithCoder:(NSCoder *)encoder {
[encoder encodeObject:self.aString forKey:@"aMeaningfulString"];
}
- (id)initWithCoder:(NSCoder *)decoder {
if((self = [super init])) {
self.aString = [decoder decodeObjectForKey:@"aMeaningfulString"];
}
return self;
}
并假设不涉及XPC。这个类的实例将存储在磁盘上的plist中。
and suppose also that no XPC is involved. Instances of this class will be archived in a plist stored on disk.
安全方面,使用 -decodeObjectOfClass:forKey有什么好处: 而不是
-decodeObjectForKey:?
Security-wise, is there any benefit in using -decodeObjectOfClass:forKey: as opposed to
-decodeObjectForKey:?
推荐答案
具体来说,如果一个类通过编码/解码其实例变量来符合NSCoding,而不是整个实例,那么仍然建议实现NSSecureCoding吗?
Specifically if a class conforms to NSCoding by encoding/decoding its instance variables, as opposed to the whole instance of itself, would it still be advisable to implement NSSecureCoding?
这取决于您的应用程序的需求。对于任何旧的应用程序,使用普通的NSCoding将内容保存到磁盘是可以的,因为正在编写的信息和应用程序本身(本身不应该)是敏感的。但是,假设您是一家发行申请的银行。您可以选择将某些帐户信息或API密钥保留到磁盘,以便您可以与服务进行通信,验证用户的身份等。您可能不需要整个对象,但这并不重要。 NSCoder不关心正在读取什么,只是它可以读取它并正确地完成它的工作。这是一个问题。
It depends on the needs of your application. For any old app, persisting things to disk with plain NSCoding is fine, because the information being written, and the application itself, are (should not) be sensitive in nature. But, say you were a bank releasing an application. You may choose to persist some account information, or an API key to disk so you could communicate with your service, verify the identity of the user, etc. You may not want the whole object, but that shouldn't matter. NSCoder doesn't care what is being read, just that it can read it and do its job correctly. This is a problem.
安全方面,使用-decodeObjectOfClass有什么好处:forKey:而不是-decodeObjectForKey:?
Security-wise, is there any benefit in using -decodeObjectOfClass:forKey: as opposed to -decodeObjectForKey:?
是的,非常如此。您依靠NSCoder序列化/反序列化对象(更不用说正确的对象)这一事实是一个巨大的攻击向量。一旦黑客以NSCoder使用的格式修改了信息(类似plist的结构,这是一种人类可读且非常容易制造的),那么就没有办法保证你得到的是你放入的内容NSCoder并不关心有人决定切换存档中包含的类,因此您正在重新构建恶意类的对象,运行时也不会。事实上,足够聪明的黑客会在应用程序中注入一个补丁,以确保反序列化的对象会引发某种未定义的状态(堆栈溢出),这可能会被用来潜在地利用整个应用程序。
Yes, very much so. The very fact that you're relying on NSCoder to serialize/deserialize an object (let alone the right object) is a huge attack vector. Once a hacker has modified the information in the format used by NSCoder (a plist-like structure, which is both human-readable and very maleable), then there is no way to guarantee that what you're getting back is what you put in. NSCoder doesn't care that someone decided to switch the classes contained in the archive so you're re-constructing an object of a malicious class, and neither does the runtime. In fact, a smart enough hacker would inject a patch into the application to make sure that the deserialized object would induce some sort of undefined state (a stack overflow), which could be used to potentially exploit the entire application.
decodeObjectOfClass:forKey:允许你强制NSCoder更加智能地反序列化,它会修补一个非常大的漏洞。这并不是说你从不在没有 NSSecureCoding 的情况下使用NSCoder,而是你必须明智地了解你使用它的情况。
decodeObjectOfClass:forKey: allows you to force NSCoder to be a lot smarter about deserialization, and it patches what would be a very large hole. That's not to say that you should never use NSCoder without NSSecureCoding, but rather that you have to be smart about what situations you use it in.
这篇关于何时使用NSSecureCoding的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
