与KeyChain相比,NSUserDefaults的安全性如何
[英]How safe is NSUserDefaults compared to KeyChain
问题描述
I want to know the safety when storing lets say user login information such as username and passwords in NSUserDefaults. 
我想知道存储时的安全性,可以在NSUserDefaults中说出用户登录信息,例如用户名和密码。
In questions regarding how to store such info everyone say NSUserDefaults is bad and KeyChan is the right way to go. 在有关如何存储此类信息的问题中,每个人都说NSUserDefaults很糟糕,KeyChan是正确的方法。 But they never say WHY NSUserDefaults is bad. 但他们从未说过为什么NSUserDefaults很糟糕。
Is it a security risk to store a password in NSUserDefaults? 在NSUserDefaults中存储密码是否存在安全风险?
Will it be accessible to "hackers" if using NSUserDefaults instead of KeyChain? 如果使用NSUserDefaults代替KeyChain,“黑客”是否可以访问它?
2 个解决方案
解决方案1
2 2016-10-14 17:19:27
Both methods use a unique key/value approach, and that is their only common point. 两种方法都使用唯一的键/值方法,这是它们唯一的共同点。
NSUserDefaults uses no encryption and is part of your app's sandbox. NSUserDefaults使用加密,是应用程序沙箱的一部分。 Thus will be removed once the app is removed. 因此,一旦删除应用程序将删除。
KeyChain on the other hand, is encrypted and persists independently of your app. 另一方面, KeyChain是加密的,并且独立于您的应用程序而持久存在。
So for storing sensitive data such as Login/Password pairs, or security certificates, you should absolutely use KeyChain . 因此,对于存储敏感数据(如登录/密码对或安全证书),您绝对应该使用KeyChain 。
Here's an Apple provided sample project: https://developer.apple.com/library/content/samplecode/GenericKeychain/Introduction/Intro.html 这是Apple提供的示例项目: https : //developer.apple.com/library/content/samplecode/GenericKeychain/Introduction/Intro.html
And you can definitely write your own wrapper to simplify usage. 你绝对可以编写自己的包装器来简化使用。
解决方案2
1 2015-04-22 13:12:33
NSUserDefaults are stored in plain text within the bundlename.plist file on a device. NSUserDefaults以纯文本形式存储在设备上的bundlename.plist文件中。 Everyone with access to a device can open or copy the file and read the information without encryption. 有权访问设备的每个人都可以打开或复制文件,无需加密即可读取信息。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.