开发者

UIWebView, SSL and export compliance

问答 作者:

I have an application currently in the store which at one point involves displaying a modal UIWebView. The webview displays a specific webpage on which the user logs in, makes some selections, and then once they are finished the webview is dismissed. The login webpage is located at a https location.

I have read in a few places that using SSL means I probably need to fill in a CCATS and get my app passed for export compliance, but I assume this is not the case when using a UIWebView. If this was the case, then surely any app that includes a browser would need to pass export compliance?

I am considering removing the UIWebView for a nicer user experience, but I'm expecting that as I will be using SSL for authentication as well as any further interactions within the website, it will require filling in a CCATS.

So, I guess my questions are:

  • Am I correct that in it's current version, my app does not require export compliance

  • Is what I am doing with the UIWebView/webpage currently secure, assuming the actual website itself 开发者_JS百科is secure?

  • If I choose to remove the UIWebView and do the SSL interactions myself, am I likely to need to fill in a CCATS?

As long as you are not using any third party security API (SSL, encryption, ...) you do not need other extra compliance than the Apple's approval to submit the application on Appstore.
The Apple's security API is not the best I have seen (quite not documented and painful to work with if you ask me) but you don't really need anything from it if what you are trying to do is a simple SSL connection.

If the server you are trying to connect to uses a certificate from a valid CA (not a self-signed certificate) than implementing username/password authentication is as simple as implementing one delegate method in which you would provide user's input.

-(void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
     NSString *username = [binding.authenticationProperties objectForKey:kClientUsername];
     NSString *password = [binding.authenticationProperties objectForKey:kClientPassword];
     newCredential=[NSURLCredential credentialWithUser:username
                                              password:password
                                           persistence:NSURLCredentialPersistenceForSession];
     [[challenge sender] useCredential:newCredential forAuthenticationChallenge:challenge];
}

Self-signed certificates and two-way SSL might be tricker on the other hand, but I guess this is not what you are asking for :)

I hope this answers your question.
regards

Whether you use the built in SSL functionality or make your own SSL calls you are still using encryption. The requirements don't really change, so the first stop should be to become familiar with what (if any) export controls would apply.

Start with the Bureau of Industry and Security web site and if you still have questions you can call the help desk at 202-482-0707.

继续阅读:ssluiwebview

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9