堆栈内存溢出
  简体   繁体   English

用户可以在 iOS 上访问钥匙串吗?

[英]Can the user access the keychain on iOS?

 原文  2013-12-30 21:39:08       ios/ keychain

问题描述

We're looking at storing some information (think the equivalent of usernames, passwords, etc) in our app that we don't want the user to be able to meddle with.我们正在考虑在我们的应用程序中存储一些我们不希望用户能够干预的信息(想想相当于用户名、密码等)。 One (bad) way to do this would be to put them in an encrypted file somewhere in the app's folder, but if we did that the user would be able to take any iOS filesystem exploration tool and edit or replace that file, which we don't want.一种(不好的)方法是将它们放在应用程序文件夹中某处的加密文件中,但如果我们这样做,用户将能够使用任何 iOS 文件系统探索工具并编辑或替换该文件,我们不这样做不想。

If we stored the details in the keychain, is there any way the user could read or write those details, for example by running the keychain equivalent of a filesystem exploration tool?如果我们将详细信息存储在钥匙串中,用户是否可以通过任何方式读取或写入这些详细信息,例如通过运行等效于文件系统探索工具的钥匙串? Or is there no way to get at the app's information in the keychain without running that app?或者有没有办法在不运行该应用程序的情况下获取钥匙串中的应用程序信息?

Obviously if the user hacks our app, or has a jailbroken device, or somehow man-in-the-middle the connection that sends the information to the device, or etc, they could access the keychain items.显然,如果用户破解了我们的应用程序,或者拥有越狱的设备,或者以某种方式通过中间人将信息发送到设备的连接等,他们就可以访问钥匙串项目。 I'm not worried about that - just about whether a user with a regular, unhacked device and no weird apps on it could access the data in the keychain.我并不担心这一点 - 只是担心拥有常规、未受攻击的设备且其上没有奇怪应用程序的用户是否可以访问钥匙串中的数据。

Thanks for your help.谢谢你的帮助。

2 个解决方案

解决方案1
 11  2013-12-30 21:46:56

According to Apple docs :根据苹果文档

Whereas in OS X any application can access any keychain item provided the user gives permission, in iOS an application can access only its own keychain items.在 OS X 中,只要用户允许,任何应用程序都可以访问任何钥匙串项目,而在 iOS 中,应用程序只能访问自己的钥匙串项目。

Note: On iPhone, Keychain rights depend on the provisioning profile used to sign your application.注意:在 iPhone 上,钥匙串权限取决于用于签署应用程序的配置文件。 Be sure to consistently use the same provisioning profile across different versions of your application.确保在不同版本的应用程序中始终使用相同的配置文件。

So, if you assume that your device is not jailbroken and the the keychain subsystem is working properly, only your app (identified through its provisioning profile) can access its own keychain items.因此,如果您假设您的设备没有越狱并且钥匙串子系统正常工作,那么只有您的应用程序(通过其配置文件标识)可以访问其自己的钥匙串项目。 If you have different apps sharing the same provisioning profile, then they can all access the same keychain items.如果您有不同的应用程序共享相同的配置文件,则它们都可以访问相同的钥匙串项目。

解决方案2
 0  2020-12-31 12:32:44

It is not possible to access outside the App on iOS devices, as noted in https://stackoverflow.com/a/20848094/248062 .https://stackoverflow.com/a/20848094/248062 中所述,无法在 iOS 设备上访问应用程序外部。

However, the user can now install the App on macOS, which will provide regular macOS access to view and manipulate the keychain data.但是,用户现在可以在 macOS 上安装该应用程序,这将提供常规的 macOS 访问以查看和操作钥匙串数据。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 iOS 钥匙串访问 - iOS Keychain Access iOS 上的钥匙串访问 - Keychain access on iOS 钥匙串访问 iOS 问题 - Keychain Access iOS Issue 无法访问保存在Xamarin.iOS钥匙串值中的值 - Can't access saved in a Xamarin.iOS keychain value 在iOS8中,只能通过指纹识别才能访问钥匙串 - In iOS8 can access to the keychain be limited only by auth by fingerprint 我可以获得虚拟的iOS钥匙串访问吗? 用于构建电话间隙验证 - Can I get dummy iOS Keychain Access? for build phonegap verification 您可以将应用程序用户(钥匙串)数据推送到iOS吗? - Can you push application user (keychain) data to iOS? 我可以在iOS钥匙串中为一个用户存储/检索多个密码吗? - Can I store/ retrieve multiple passwords in the iOS keychain for a single user? iOS用户如何在卸载应用程序后删除钥匙串 - How can a iOS user remove keychain after uninstalling app iOS 中的钥匙串访问和配置文件 - Keychain access in iOS and provisioning profiles
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM