IOS开发NSSecureCoding

本文介绍了NSSecureCoding协议,它是NSCoding的一种安全版本,用于增强数据编码和解码过程中的安全性,防止对象替换攻击。文章详细讲解了如何在类中实现这一协议,并提供了具体的编码和解码示例。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

NSSecureCoding

官方解释:A protocol that enables encoding and decoding in a manner that is robust against object substitution attacks.

一种协议,它以一种抗对象替换攻击的健壮方式实现编码和解码。

 

NSSecureCoding相对NSCoding来说对数据的处理添加了一定的安全性

存与取

NSData *data = [NSData dataWithContentsOfFile:filePath];
NSKeyedUnarchiver *unarchiver = [[NSKeyedUnarchiver alloc] initForReadingWithData:data];
[unarchiver setRequiresSecureCoding:YES];
 
//解码
Foo *someFoo = [unarchiver decodeObjectForKey:NSKeyedArchiveRootObjectKey];

如何遵循协议

在原来encodeWithCoderinitWithCoder的基础上增加supportsSecureCoding,如下

- (void)encodeWithCoder:(NSCoder *)aCoder{
    [aCoder encodeObject:self.title forKey:@"title"];
    [aCoder encodeObject:self.author forKey:@"author"];
    [aCoder encodeBool:self.isPublished forKey:@"isPublished"];
}

- (nullable instancetype)initWithCoder:(NSCoder *)aDecoder{
    self = [super init];
    if (self) {
        self.title = [aDecoder decodeObjectForKey:@"title"];
        self.author = [aDecoder decodeObjectForKey:@"author"];
        self.isPublished = [aDecoder decodeBoolForKey:@"isPublished"];
    }
    return self;
}

+ (BOOL)supportsSecureCoding{
    return YES;
}

 

Learn the Root Causes of Software Vulnerabilities and How to Avoid Them Commonly exploited software vulnerabilities are usually caused by avoidable software defects. Having analyzed tens of thousands of vulnerability reports since 1988, CERT has determined that a relatively small number of root causes account for most of the vulnerabilities. Secure Coding in C and C++, Second Edition, identifies and explains these root causes and shows the steps that can be taken to prevent exploitation. Moreover, this book encourages programmers to adopt security best practices and to develop a security mindset that can help protect software from tomorrow’s attacks, not just today’s. Drawing on the CERT’s reports and conclusions, Robert C. Seacord systematically identifies the program errors most likely to lead to security breaches, shows how they can be exploited, reviews the potential consequences, and presents secure alternatives. Coverage includes technical detail on how to Improve the overall security of any C or C++ application Thwart buffer overflows, stack-smashing, and return-oriented programming attacks that exploit insecure string manipulation logic Avoid vulnerabilities and security flaws resulting from the incorrect use of dynamic memory management functions Eliminate integer-related problems resulting from signed integer overflows, unsigned integer wrapping, and truncation errors Perform secure I/O, avoiding file system vulnerabilities Correctly use formatted output functions without introducing format-string vulnerabilities Avoid race conditions and other exploitable vulnerabilities while developing concurrent code The second edition features Updates for C11 and C++11 Significant revisions to chapters on strings, dynamic memory management, and integer security A new chapter on concurrency Access to the online secure coding course offered through Carnegie Mellon’s Open Learning Initiative (OLI) Secure Coding in C and C++, Second Edition, presents hundreds of examples of secure code, insecure code, and exploits, implemented for Windows and Linux. If you’re responsible for creating secure C or C++ software–or for keeping it safe–no other book offers you this much detailed, expert assistance. Table of Contents Chapter 1 Running with Scissors Chapter 2 Strings Chapter 3 Pointer Subterfuge Chapter 4 Dynamic Memory Management Chapter 5 Integer Security Chapter 6 Formatted Output Chapter 7 Concurrency Chapter 8 File I/O Chapter 9 Recommended Practices
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值