开发者

Disabling fishing site warnings when auto-logging into HTTPS sites with UIWEBVIEW

I'm trying to figure out how to disable programatically the fishing site warnings that pop up when you enter a user name and password along with the url to a secure website, such as.

https://UserName:PassWord@Https://Secure.Website.com

Before the url comes up the warning dialog pops up first, since I know that the url I programmed is secure, I don't need the fishing site warn开发者_StackOverflow社区ing to pop up.

If anyone has any Ideas, I would greatly appreciate it. Thank you in advance.


You just cant do this.

This behavior is in private UIKit apis that you can't alter without being rejected from AppStore.

And for once, there is a good reason to this, a security reason :)

EDIT (after comments below)

I think you can disable these warnings in device settings : Settings App > Safari > Fraud Warning

Disabling fishing site warnings when auto-logging into HTTPS sites with UIWEBVIEW

Note that you can't do this with code from your app. You can only ask user to do so, or maybe by using Enterprise deployment facilities.

EDIT 2 About security concerns

  1. Again, there are very GOOD reason to this security, especially for a company concerned by its confidentiality/security.
  2. It is not because you set a static URL in a UIWebView that this is the URL you will get, phishing is not only from websites servers, it can also come from a middle man attack on the TCP/IP connection, DNS spoofing, or who knows, an admin going nuts :)
  3. Modifying private APIs is not easy, there is no source code, just assembly code that you can disassemble/analyze to figure a way to override/inject code doing what you want. It takes time that sorry I have not.
  4. In other words : you should find an alternative solution, like another URL without https (ask webmaster) but another security, not requesting data from UIWebView... I'm afraid there is no easy workaround. And I guess you know that URL authentication like you are trying to do is highly unsecure, any intermediate could just get the query and login/password.
  5. It is phishing and not fishing :)
  6. Do you know you can edit your comments on stackoverflow?
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜