¡@
2014/10/15 ¤U¤È 10:04:08
iphone Programming Glossary: attackerhttp://stackoverflow.com/questions/11889556/authenticating-requests-from-mobile-iphone-app-to-asp-net-web-api-feedback-re that access and modify the user's data I'll use a salt that is owned only by that user so it can't be used by an attacker to impersonate others. API Method Get Account Used for getting user's hashing salt for accounts that were created on the..
JSON to Persistent Data Store (CoreData, etc.) http://stackoverflow.com/questions/2563984/json-to-persistent-data-store-coredata-etc
http://stackoverflow.com/questions/3558252/ios-keychain-security
send RSA public key to iphone and use it to encrypt http://stackoverflow.com/questions/4211484/send-rsa-public-key-to-iphone-and-use-it-to-encrypt do what you're asking it encrypts data with the server's public key. It's not subject to MITM attacks unless the attacker has a copy of your private key and its password communicating via non SSL however still is but the data you encrypt with..
Explanation of MProtect Errno 12 (ENOMEM) http://stackoverflow.com/questions/5389947/explanation-of-mprotect-errno-12-enomem string vulnerabilities use after free or freeing unallocated memory errors or similar attacks cannot return into attacker supplied data. Also mprotect 2 is used to ensure that the program text space cannot be modified by those same vulnerabilities... Also mprotect 2 is used to ensure that the program text space cannot be modified by those same vulnerabilities. If an attacker can simply overwrite the functions you've supplied that's no good. But mprotect 2 isn't magic it cannot prevent against..
How to protect app IPA from hacks if reverse engineering is possible http://stackoverflow.com/questions/6939222/how-to-protect-app-ipa-from-hacks-if-reverse-engineering-is-possible vulnerabilities yourself the platform may allow for exploits which in the end may offer an entry point for a malicious attacker. As to your question It is not safe to assume that a hardcoded URL even if obfuscated beyond belief can't be peeled out.. client that your app is as safe as it can be As long as the app runs on a non jailbroken device it is unlikely that an attacker even with knowledge of your apps internals is able to get to any user data because the iPhone normally doesn't offer opportunities.. able to get to any user data because the iPhone normally doesn't offer opportunities to interfer with your app If the attacker is able to get to your users data and provided you have been protecting that data with all means available under iOS keychain..
How to ensure access to my web service from my code only? http://stackoverflow.com/questions/848788/how-to-ensure-access-to-my-web-service-from-my-code-only the result of an AES decrypt of a particular fixed string. Obviously you should do the request over SSL otherwise an attacker can just sniff the traffic. Yes a determined attacker will circumvent the scheme but like any DRM scheme that's always been.. Obviously you should do the request over SSL otherwise an attacker can just sniff the traffic. Yes a determined attacker will circumvent the scheme but like any DRM scheme that's always been the case. The trick is to make it too much effort..
|