
How to remove the stored username and password from keychain while uninstalling application in iOS?

I am pretty new to implementing biometric authentication for my application, and for my shopping application I am using the following logic to implement it. Please bear with me if this is not the correct place to post this question. I ask moderators to move it to the appropriate forum. As of now we are storing only the username in AES-encrypted format (not even in the keychain), since the client wasn't happy with storing the password in the application too. But since I have to implement biometry, I am following the logic given below:

The logic is as follows:

First login:

  1. User authenticates with username/password

  2. If authentication is successful they are asked if they want to use TouchID/FaceID

  3. If they do, the username and password are stored in the keychain, with a requirement of biometric authentication to access the data

On subsequent logins:

  4. App attempts to retrieve stored username/password, triggering biometric authentication

  5. App uses stored username & password to authenticate to the server.

I am able to implement this successfully, but I have a question: if I uninstall the application, will that remove the stored credentials in the keychain? I have referred to many SO questions but I cannot find a particular answer. If it still remains there after uninstalling the application, how do I remove these?

There is a post about this on the Apple developer forums. It basically tells us that the KeyChain is persistent even after app removal and reinstall (meaning the application can technically use the old keys again). This behaviour is not really as intended (if you read the thread carefully).

To counter this behaviour, the forum provides a solution: set a flag in the UserDefault storage (which is deleted when the app is uninstalled). When a user runs the app for the first time, clear the KeyChain and set the flag. That way, you can be almost certain that the keys were removed before first use.

To answer your question directly, there is no way (as of right now) to tell when an app was uninstalled and act upon that uninstall.
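
A sketch of the first-run flag approach described in the answer, added here as an example (it is not code from the original post or from the Apple forum thread). The service name and flag key are hypothetical, and the example assumes the credentials were saved as generic-password items under a single `kSecAttrService` value.

```swift
import Foundation
import Security

// Hypothetical names for this example; substitute your app's own values.
let keychainService = "com.example.shop.login"   // kSecAttrService used when saving credentials
let firstRunFlagKey = "hasClearedKeychainAfterInstall"

/// Deletes the generic-password items this app stored under `service`.
/// Returns true when nothing is left behind (items deleted, or none existed).
func deleteStoredCredentials(service: String) -> Bool {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service
    ]
    let status = SecItemDelete(query as CFDictionary)
    return status == errSecSuccess || status == errSecItemNotFound
}

/// Call once at launch, before any code reads credentials from the keychain.
func clearKeychainOnFirstRun(defaults: UserDefaults = .standard) {
    // UserDefaults is removed together with the app, so a missing flag
    // means this is the first launch of a fresh install (or reinstall).
    guard !defaults.bool(forKey: firstRunFlagKey) else { return }

    // Set the flag only after the delete succeeded, so that a failed
    // delete is retried on the next launch instead of being skipped.
    if deleteStoredCredentials(service: keychainService) {
        defaults.set(true, forKey: firstRunFlagKey)
    }
}
```

Call `clearKeychainOnFirstRun()` early in `application(_:didFinishLaunchingWithOptions:)`. Existing installs that update to a build containing this check also have no flag yet, so their stored credentials are cleared once and those users sign in with username/password again.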
