Robustness of CoreData against malicious documents?
Robustness of CoreData against malicious documents?
- Subject: Robustness of CoreData against malicious documents?
- From: Cem Karan <email@hidden>
- Date: Tue, 4 Apr 2006 08:39:05 -0400
I've been working on a project that I'd like to convert to using
CoreData, but before I do so, I'd like to know how robust CoreData is
against malicious documents. Basically, I want to know what CoreData
does against deliberately malformed documents. Does it have the
brains to react to buffer overflow attacks? Attacks where the
underlying XML/database/binary data has been hand crafted to be bad?
Etc. Note that this is beyond the simple problem that a number is
outside of some range (which is what the built-in and custom
validation methods seem to handle); this is down at the level where
someone WILL twiddle/insert/delete any bits that they can, just in
order to break the application, and gain unauthorized access.
Ideally, I'd get back an error of some kind that I can print out at
the user indicating that the data is malformed/bad/dangerous/
whatever, but if all that CoreData does is kill the application
immediately, I'm happy with that. What I absolutely CANNOT accept is
an exploit that allows untrusted code to run at an elevated level.
Thanks,
Cem Karan
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden