
Security of over-the-air distribution of enterprise iPhone apps - OTA iOS

In over-the-air distribution of an enterprise iPhone app, the iPhone securely downloads an XML manifest file containing a fully-qualified URL pointing to the .ipa file (the app itself), then downloads the app from there and installs it.

I am wondering whether there is a security flaw here. Assuming the iPhones are outside the firewall on the public Internet, and in the absence of a VPN, wouldn't the .ipa file have to be publicly readable over HTTP, i.e. anyone could grab it and install it using iTunes if they knew the URL?

The Apple reference is http://help.apple.com/iosdeployment-apps/#app43ad871e (enterprise developers only, I think).

Probably I'm missing something and it's safe?

Thanks

Bill.

In order to use an OTA iPhone app, the person who is attempting to download the app must install the proper certificate.

Enterprise Apps are limited to 1000 OTA installs, which Apple can track on their end.

For non-enterprise developer accounts, you have a 100-device limit, and each device's UDID first has to be uploaded to the provisioning portal before it can install the proper certificate to run the app.

So while you can freely distribute the ipa (over HTTP or FTP or whatevs), they'll still need the proper valid certificate, and that is controlled.

Of course there are probably ways around this, but in general that's how Apple protects OTA installs.

Yes, the .ipa is on the open internet. You can password protect (.htpasswd) the page so anyone knowing the URL needs to enter a user/password combo to enter the page and download the ipa.

If you are distributing the .ipa file for your Enterprise profile, that app can be installed on any device. You would see a subtle warning at the bottom of the provisioning page that says something like,

This profile can be installed on any application.

I've tested it, and it does indeed work.
