
How to ensure the integrity of data sent to the database from my application?

I am currently creating an iOS application with Swift. For the database I use Firebase Realtime Database, where I store, among other things, information about the user and requests that the user sends me. It is very important for my application that the data in the database is not corrupted. For this I have disabled data persistence so that I don't have to store the requests locally on the device. But I was wondering if it was possible for the user to directly modify the values of the variables during the execution of my application and still send erroneous requests. For example, the user has a number of coins: can he access the memory of the application, modify the number of coins, return to the application and send an erroneous request without having to modify it himself? If this is the case, then is it really more secure to disable data persistence, or is this a misconception? Also, does disabling access from jailbroken devices solve my problems? Because I've heard that a normal user can still modify the request backups before they are sent.

To summarize, I would like to understand whether what I think is correct: is it really useful to prevent requests from being saved locally, or will a malicious user be able to modify the values of variables directly during execution anyway, without a jailbreak?

I would also like to find a solution so that the data in my database is reliable.

Thank you for your attention :)

PS: I also set the security rules of the DB so that only a logged-in user can write, and can read only in his own area.

You should treat the server-side data as the only source of truth, and consider all data coming from the client to be suspect.

To protect your server-side data, you should implement Firebase's server-side security rules. With these you can validate data structures and ensure all reads/writes are authorized.

Disabling client-side persistence, or write queues as in your previous question, is not all that useful and not necessary once you follow the two rules above.


As an added layer of security you can enable Firebase's new App Check, which works with a so-called attestation provider on your device (DeviceCheck on iOS) to detect tampering, and allows you to then only allow requests from uncorrupted devices.

By combining App Check and Security Rules you get both broad protection from abuse, and fine-grained control over the data structure and who can access what data.
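One way to express the two rules from this answer (per-user authorization plus structure validation) for the coins/requests data described in the question. This is an added example, not code from the answer or from Firebase's documentation; the paths `/users/$uid/coins` and `/users/$uid/requests`, and the `item`/`quantity`/`createdAt` fields of a request, are assumed.

```json
{
  "rules": {
    "users": {
      "$uid": {
        // A signed-in user may read only their own subtree.
        ".read": "auth != null && auth.uid === $uid",

        // No ".write" rule is declared here or on "coins", so client writes to the
        // balance are denied by default. Only trusted server code using the Admin SDK
        // (which bypasses these rules) may change it: the server is the source of truth.
        "coins": {},

        "requests": {
          "$requestId": {
            // Append-only: the owner may create a request but never edit or delete it.
            ".write": "auth != null && auth.uid === $uid && !data.exists() && newData.exists()",

            // Enforce the shape: exactly these children, nothing else.
            ".validate": "newData.hasChildren(['item', 'quantity', 'createdAt'])",
            "item": {
              ".validate": "newData.isString() && newData.val().length > 0 && newData.val().length <= 64"
            },
            "quantity": {
              ".validate": "newData.isNumber() && newData.val() > 0 && newData.val() <= 100"
            },
            // The client must write ServerValue.TIMESTAMP, which the rules see as 'now';
            // a fabricated timestamp fails validation.
            "createdAt": {
              ".validate": "newData.val() === now"
            },
            // Reject any extra field the client tries to smuggle in.
            "$other": {
              ".validate": false
            }
          }
        }
      }
    }
  }
}
```

With this layout a coin value altered in the app's memory can never reach the database, because the client path has no write rule at all, regardless of persistence settings or jailbreak status; the only client-writable data is a well-formed, append-only request.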
