Re: How can they know?
- Subject: Re: How can they know?
- From: Greg Hurrell <email@hidden>
- Date: Thu, 4 Aug 2005 17:07:40 +0200
On 04/08/2005, at 13:36, Lorenzo wrote:

> Since I use the content of that file to give the user the permission to run,
> I would like to know: can the user feed my application with some other data
> coming from a different server?
> I mean, can a user diverge my call dictionaryWithContentsOfURL from my
> domain to some other domain?

Yes. To protect against this attack you would need to use
cryptography to digitally sign the information returned from the
server. The application would then verify the signature.
Two things to bear in mind: (1) The attacker may decide, however,
that instead of intercepting your calls to the server he/she will
just crack the application instead and remove the network checks
altogether. (2) Most users will run a hundred miles from a product if
it refuses to run without a network connection to your server (what
if the firewall blocks it? what if they don't have always-on access?
what if your server goes down? etc).
Best wishes,
Greg
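
The sign-then-verify flow suggested in the reply above, as an added example that is not part of the original message or of Lorenzo's application. It is written in Python so it runs anywhere; the names `server_sign` and `client_load` and the demo key are assumptions, and a real application would use its platform's crypto library with a properly generated key pair.

```python
import hashlib
import hmac
import plistlib

# Constructed demo key: the product of two known Mersenne primes, which is
# trivially factorable. Only (N, E) would ship inside the application.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, never leaves the server
K = (N.bit_length() + 7) // 8       # modulus length in bytes

# DER prefix of the SHA-256 DigestInfo structure (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def pkcs1_encode(message: bytes) -> bytes:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message), K bytes long."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def server_sign(payload: bytes) -> bytes:
    """Server side: sign the exact bytes that will be served."""
    m = int.from_bytes(pkcs1_encode(payload), "big")
    return pow(m, D, N).to_bytes(K, "big")

def client_load(payload: bytes, signature: bytes):
    """Client side: return the parsed plist only if the signature verifies."""
    if len(signature) != K:
        return None
    s = int.from_bytes(signature, "big")
    if s >= N:
        return None
    recovered = pow(s, E, N).to_bytes(K, "big")
    # Rebuild the expected encoding and compare it whole, in constant time.
    if not hmac.compare_digest(recovered, pkcs1_encode(payload)):
        return None                   # altered, forged, or from another server
    return plistlib.loads(payload)    # parse only after verification

if __name__ == "__main__":
    doc = plistlib.dumps({"licensed": True})          # constructed sample
    print(client_load(doc, server_sign(doc)))         # genuine response
    print(client_load(doc.replace(b"true", b"false"), server_sign(doc)))
```

The signature covers the raw response bytes, so a response served from a different host fails verification unless that host also holds the private key.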