Is it possible to distribute a populated keychain with an application

I am working on an application that uses a private web service. We currently use a bundled client certificate to enable 2-way SSL connectivity; however, the password for the certificate is in the code, and it is a concern that this could be de-compiled and used with the (trivially) extracted certificate file for nefarious purposes.

Is there a method by which I can pre-load a password into the application keychain for distribution with the app so that the password is never left in the open?


No matter how you put your password into your binary, there will be some way to exploit this, be it with debugging tools, code analysis, etc.

You had better treat your web service as open... maybe you are unlikely to get not properly authorized requests in the very near future, but basically you give away access to the public.

The keychain should be encrypted with a user-specific key, and this you obviously cannot do - or you would be able to read everyone's data anyway.

If you really need to protect it, you probably need user accounts on your server... if this is more secure than obscurity is up to you.

0
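A release-gate check for the situation discussed above, as an added example that is not part of the original question or answer: it walks an unpacked app bundle and flags any file whose header looks like a PKCS#12 identity, whatever the file is named, so a shared client certificate does not ship unnoticed. It assumes the bundled certificate is a PKCS#12 (.p12/.pfx) file, which the page does not state; the function names and the sample bundle are hypothetical and constructed for illustration.

```python
import os
import sys

PFX_VERSION = b"\x02\x01\x03"  # DER INTEGER 3, first field of a PKCS#12 PFX

def looks_like_pkcs12(data: bytes) -> bool:
    """Heuristic: outer SEQUENCE whose first element is INTEGER 3."""
    if len(data) < 5 or data[0] != 0x30:   # 0x30 = SEQUENCE tag
        return False
    first = data[1]
    if first <= 0x80:                      # short form, or BER indefinite (0x80)
        offset = 2
    elif first <= 0x84:                    # long form: 1-4 length bytes follow
        offset = 2 + (first & 0x7F)
    else:
        return False
    return data[offset:offset + 3] == PFX_VERSION

def find_bundled_identities(bundle_dir: str) -> list:
    """Relative paths of files whose header looks like PKCS#12, any file name."""
    hits = []
    for root, _dirs, files in os.walk(bundle_dir):
        for name in files:
            path = os.path.join(root, name)
            with open(path, "rb") as fh:
                head = fh.read(16)
            if looks_like_pkcs12(head):
                hits.append(os.path.relpath(path, bundle_dir))
    return sorted(hits)

def build_sample_bundle(root: str) -> None:
    """Constructed sample bundle; headers only, no real key material."""
    samples = {
        "Info.plist": b"<?xml version=\"1.0\"?>",
        # PKCS#12-style header hidden under an unrelated name (constructed)
        os.path.join("Assets", "logo.dat"): bytes.fromhex("30820a0002010330820900"),
        # X.509 certificates start SEQUENCE, SEQUENCE: must not be flagged
        "server_ca.der": bytes.fromhex("3082030030820200a0030201"),
    }
    for rel, content in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)

if __name__ == "__main__":
    found = find_bundled_identities(sys.argv[1]) if len(sys.argv) > 1 else []
    for rel in found:
        print("bundled PKCS#12 identity:", rel)
    sys.exit(1 if found else 0)
```

The check is a heuristic on the first bytes only; a hit means the build ships an identity that every installed copy shares, which is the case the answer says to treat as public.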
