Access token persistence best practices (iOS)

Posted: 2022-09-07 10:15:46

Should access tokens for services like Twitter and Facebook be encrypted? In particular, should tokens be stored in the device's Keychain vs. UserDefaults? What are some possible security issues that could arise if a user's device is stolen/taken?

This is what I have come up with so far.

Pros of Keychain: Encrypted.

Cons: No way to clean up when the user removes the app.

Pros of UserDefaults: Kept inside the app.

Cons: No encryption.

1 Answer

#1


11  

Your UserDefaults 'con' needs amending: no encryption by default. You can encrypt the content yourself using e.g. CommonCrypto, but it needs additional work over storing the plain text.

The point of an OAuth token is that someone who owns that token can use the relevant service without having to present credentials. Therefore, you should protect it like you would protect the password if you had to store that instead, as it has the same value.

If the user's device is stolen, then unless they have passcode-locked their device the thief has the capability to use your app as the user in either of the situations you describe. If you do not encrypt the access token, then they additionally have the capability to extract that and replay it from code under their control.
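The following is an added example, not code from the question or the answer, showing what the answer recommends in practice: keep the token in the Keychain rather than UserDefaults, store it under the `WhenUnlockedThisDeviceOnly` accessibility class so that the device passcode is what ultimately protects it and it is never carried into a backup, and work around the "no cleanup on uninstall" drawback from the question by wiping leftover items on a fresh install. The service name, the account label and the first-launch marker key are assumptions chosen for this example.

```swift
import Foundation
import Security

/// Minimal Keychain wrapper for an OAuth access token (example code).
enum TokenStore {
    /// Assumed service identifier; use your own bundle-specific value.
    static let service = "com.example.app.oauth"

    enum KeychainError: Error { case unexpectedStatus(OSStatus) }

    private static func baseQuery(account: String) -> [String: Any] {
        [
            kSecClass as String: kSecClassGenericPassword,
            kSecAttrService as String: service,
            kSecAttrAccount as String: account,   // e.g. "twitter" or "facebook"
        ]
    }

    /// Store (or replace) the token for `account`.
    static func save(token: String, account: String) throws {
        let query = baseQuery(account: account)
        // Remove any existing item first so SecItemAdd does not fail with errSecDuplicateItem.
        SecItemDelete(query as CFDictionary)

        var attributes = query
        attributes[kSecValueData as String] = Data(token.utf8)
        // Readable only while the device is unlocked, and never migrated to another
        // device through a backup. Without a passcode there is no unlock state, which is
        // exactly the answer's caveat: the Keychain's protection is only as strong as the lock.
        attributes[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly

        let status = SecItemAdd(attributes as CFDictionary, nil)
        guard status == errSecSuccess else { throw KeychainError.unexpectedStatus(status) }
    }

    /// Return the stored token, or nil if none exists.
    static func load(account: String) throws -> String? {
        var query = baseQuery(account: account)
        query[kSecReturnData as String] = true
        query[kSecMatchLimit as String] = kSecMatchLimitOne

        var result: AnyObject?
        let status = SecItemCopyMatching(query as CFDictionary, &result)
        switch status {
        case errSecSuccess:
            guard let data = result as? Data else { return nil }
            return String(data: data, encoding: .utf8)
        case errSecItemNotFound:
            return nil
        default:
            throw KeychainError.unexpectedStatus(status)
        }
    }

    /// Remove the token, e.g. on sign-out.
    static func delete(account: String) throws {
        let status = SecItemDelete(baseQuery(account: account) as CFDictionary)
        guard status == errSecSuccess || status == errSecItemNotFound else {
            throw KeychainError.unexpectedStatus(status)
        }
    }

    /// Work around the "no cleanup on uninstall" drawback: UserDefaults is deleted with
    /// the app bundle but Keychain items survive, so a missing marker means this is a
    /// fresh install and any tokens found belong to a previous installation.
    static func wipeIfFreshInstall(defaults: UserDefaults = .standard) throws {
        let marker = "hasLaunchedBefore"   // assumed key name
        guard !defaults.bool(forKey: marker) else { return }
        let query: [String: Any] = [
            kSecClass as String: kSecClassGenericPassword,
            kSecAttrService as String: service,
        ]
        let status = SecItemDelete(query as CFDictionary)
        guard status == errSecSuccess || status == errSecItemNotFound else {
            throw KeychainError.unexpectedStatus(status)
        }
        defaults.set(true, forKey: marker)
    }
}

// Usage (assumed flow): call once at launch, then store the token after the OAuth dance.
// try TokenStore.wipeIfFreshInstall()
// try TokenStore.save(token: "<access token from the provider>", account: "twitter")
// let token = try TokenStore.load(account: "twitter")
```

Two practical notes on the design: `kSecAttrAccessibleWhenUnlockedThisDeviceOnly` means a background fetch while the device is locked will get `errSecInteractionNotAllowed` rather than the token, so choose `AfterFirstUnlockThisDeviceOnly` instead if the app genuinely needs the token in the background. And the first-launch wipe is deliberately scoped to this app's service string, so it does not touch items other code in the same keychain access group may have stored.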
